Expert: Russian cybercriminals behind ransomware attack on hospital

A group of Russian cybercriminals is behind the ransomware attack on major London hospitals, the former chief executive of the National Cyber ​​​​Security Centre said.

Ciaran Martin said the attack on pathology company Synnovis had led to a “severe reduction in capacity” and was “a very, very serious incident”.

After the attack, hospitals declared the situation critical, cancelled operations and examinations and were no longer able to carry out blood transfusions.

Memos sent to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and Evelina London Children’s Hospital) and primary care providers in the capital said there had been a “serious IT incident”.

Asked on BBC Radio 4’s Today programme whether it was known who attacked Synnovis, Martin said: “Yes. We believe it is a Russian group of cybercriminals calling themselves Qilin.”

“These criminal groups – and there are quite a few of them – operate freely from Russia, give themselves prominent names, have websites on the so-called dark web, and this particular group has been attacking various organizations around the world for about two years.

“They’ve attacked car companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re just after money.”

He said it was “unlikely” that the Russian hackers knew when they launched their attack that they would cause such a severe disruption to basic healthcare.

He added: “There are two types of ransomware attacks. One is where they steal a lot of data and try to blackmail you into paying to keep it from being released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.

“So if you work in this healthcare trust, you’re just not getting those outcomes. So that’s actually seriously disruptive.

“This type of ransomware has affected healthcare systems around the world.

“It’s particularly damaging in the United States, and this type of cyberattack is different in its impact from other attacks in that it affects people’s healthcare. So it’s really one of the more serious ones we’ve seen in this country.”

The story goes on

He said that the government’s policy is not to pay the ransom, but that the company is free to pay the ransom.

Regarding patient data, he said: “It’s not really about the data, it’s about the services.”

“The criminals threaten to publish data, but they always do so. Restoring services is the priority here.”

Synnovis is a provider of pathology services and was formed through a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.

Some procedures and operations in hospitals have been cancelled or transferred to other NHS providers as hospital management determines what work can be carried out safely.

NHS officials said they are working with the National Cyber ​​Security Centre to understand the impact of the attack.

Synnovis said the incident had been reported to law enforcement and the Data Protection Commissioner.

Health Minister Victoria Atkins said on Tuesday that her “absolute priority is patient safety”.

Writing on social media site X (formerly Twitter), Ms Atkins said: ‘Yesterday I had meetings with NHS England and the National Cyber ​​Security Centre to oversee the response to the cyberattack on pathology services in south east London.

“My absolute priority is patient safety and the safe resumption of services in the coming days.”

A spokesman for NHS England for the London region said Monday’s attack had a “significant impact” on service delivery at Guy’s and St Thomas’ Hospital, King’s College Hospital NHS Foundation Trust and primary care in south-east London.

“With the support of the government’s National Cyber ​​Security Centre and our cyber operations team, we are working diligently to fully understand the impact of the incident.”

Synnovis CEO Mark Dollar said on Monday that a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and determine what actions were needed.

“Unfortunately, this is having an impact on patients as some activities have already been cancelled or diverted to other providers as urgent work takes priority,” he said.

One of the patients, 70-year-old Oliver Dowson, was being prepared for surgery at the Royal Brompton Hospital from 6am on Monday 3 June when a surgeon informed him at around 12.30pm that the operation could not go ahead.

He told the PA news agency: “Ward staff did not seem to know what had happened. Many patients were just told to go home and wait for a new appointment.”

“I got an appointment for next Tuesday and I’m keeping my fingers crossed – it’s not the first time they’ve cancelled, it happened on May 28th, but that was probably due to a lack of staff during the half-time week.”

Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health centre was cancelled on Monday evening and he was told local centres were not taking bookings for an “indefinite period”.

According to the Health Service Journal (HSJ), a senior source said access to pathology results could take “weeks, not days”.