Cyberattack on London hospitals will last ‘many months’ | NHS

A senior NHS source warned that the cyberattack, which is causing severe disruption to hospitals and doctors’ offices in London, will take “many months” to resolve.

“It is unclear how long it will take for services to return to normal, but it will likely be many months,” the senior official said.

“The key to returning to normality will be clarity about how the hackers gained access to the system, how many records are affected and whether those records are recoverable,” they added.

Six NHS trusts and dozens of GP practices in south-east London, caring for two million patients, have struggled to provide many medical services to their patients as usual since Russian hackers broke into the IT system of Synnovis, a private company that analyses blood tests, and rendered it unusable.

The ransomware attack, believed to have been carried out by Russian criminal gang Qilin, caused such chaos that the NHS had to declare a “critical incident” last Monday. Qilin’s modus operandi is to demand money from victims to regain access to their systems.

Trusts such as Guy’s and St Thomas’ (GSTT) and King’s College have had to cancel large numbers of non-urgent operations, including cancer operations, as well as planned caesarean births because they were forced to limit the number of blood tests carried out.

The NHS has not made any public statements about how long it will take for Synnovis to regain control of its system, which was blocked by hacked software, but the senior source’s comments reflect the latest thinking from NHS leadership on the likely timeframe.

Ciaran Martin, the former head of the National Cyber Security Centre, echoed the NHS’s view that it may face a prolonged period of disruption.

“It should come as no surprise that full restoration of services takes weeks or even months. This is fairly typical for these types of disruptive ransomware attacks,” he said.

It would be “highly unusual” if NHS trusts could return to their normal ways of working within a short period of time, added Martin, who is now a professor at the Blavatnik School of Government at the University of Oxford.

“The real-world analogy is that it’s not so much about locking you out of the house, it’s more about kicking the door down, nailing it shut again and then putting a padlock on it,” he said of the attack on the NHS.

In such an attack, the attacker encrypts the victim’s IT systems, and the victim is forced to rebuild their infrastructure unless they pay for access to a decryption key. Even if the computers are decrypted, the damage can still be significant.

The London region of the British health service NHS England is trying to mitigate the impact of the attack on medical care by intensifying “mutual aid”, with other trusts in the capital taking on some of the work that the affected hospitals cannot do.

For example, some patients with heart problems who were being treated as inpatients at GSTT or King’s have been transferred to St George’s Hospital in south-west London. There are plans to move organ transplants normally performed at King’s elsewhere.

GPs in the six south-east London boroughs where the trusts are based have also had to drastically reduce the number of blood tests they can order and focus only on urgent cases.

In her weekly message to health leaders on Monday, Health Service England chief executive Amanda Pritchard said that although we are a national health service, “it does not mean we are isolated from international events and actors – be they pandemics, supply chains, politics or criminals”.

She added that the hack showed “how easy it is to take things for granted until they are no longer there or are severely restricted”, referring to pathology services which “play an invisible but incredibly important role in the modern NHS”.

Typically, in addition to encryption, Qilin attacks also involve stealing data from a victim’s IT systems. The data is then published on a ransomware site on the dark web if a ransom is not paid. However, as of Monday, no data had been published on Qilin’s ransomware site.

NHS England has been contacted for comment.