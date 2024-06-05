Ransomware Attack Disrupts Operations Across London Hospitals

The incident affecting pathology-services provider Synnovis demonstrates the ripple effect that cyberattacks have on healthcare systems, and demands immediate security response.

Elizabeth Montalbano, Contributing Writer

June 5, 2024

5 Min Read
A health professional with blonde hair wearing a mask and gloves reaching outward to touch the circular graphic containing a lock in front of her
Source: Andrew Angelov via Alamy Stock Photo

A ransomware attack this week on UK healthcare provider Synnovis has forced several London hospitals to cancel services and surgeries, or redirect them to other facilities. The incident occurred Monday and has had a significant impact on their ability to deliver patient care, demonstrating once again the ripple effect that modern cyberattacks have on healthcare systems, demanding an immediate security response.

Synnovis — a partnership between two London-based hospital trusts and SYNLAB — said June 4 that it was the victim of a ransomware attack the day before that affected all of its IT systems, "resulting in interruptions to many of our pathology services," according to a post on the company’s website. Even before the company officially acknowledged the attack, however, social media posts already were reporting the effect it was having on the services of major London hospitals.

One of the key services that Synnovis provides are blood transfusions, which meant that some facilities — including King's College Hospital, Guy's Hospital, St Thomas' Hospital — had to cancel operations. Meanwhile, transplant surgeries at Royal Brompton and Harefield Hospital also were "axed," according to a post on X by Shaun Lintern, health editor at the UK's Sunday Times newspaper. Lintern included a screenshot of a letter sent by the CEO of Guy's and St Thomas NHS Foundation Trust to inform facilities of the situation, mentioning the "major effect" it was having on some facilities.

The UK National Health Service (NHS) also weighed in with a statement on Tuesday, noting that the incident forced hospitals to "prioritize" urgent work. Emergency services across the UK continued to be available as usual, and the NHS directed patients to attend scheduled appointments unless informed otherwise.

Cyberattacks Have Human Consequences

The attack demonstrates once again how repercussions of ransomware attacks can extend "beyond operational and financial disruptions" and into the sphere of public health and well-being, notes one security expert.

The attack directly impacted and endangered patient health, which "not only highlights the immediate impact of ransomware attacks on healthcare facilities but also erodes public trust in the very institutions responsible for safeguarding our health and well-being," says Kevin Kirkwood, deputy CISO at LogRhythm.

Indeed, high-impact attacks on healthcare providers have been ramping up recently, with several high-profile attacks occurring in the US earlier this year. In February, United Healthcare's Change Healthcare was hit by not one but two attacks, a nightmare for the healthcare provider that didn't end even after it paid the ransom demanded by a Black Cat/ALPHV ransomware affiliate.

Then in April, Ascension, which operates 140 hospitals across 19 states, was hit with a cyberattack that took down multiple essential systems including electronic health records (EHRs), the MyChart platform for patient communication, and certain medication and test-ordering systems.

Increasing Chances of a Payout

Indeed, attackers target healthcare providers because the disruption can mean life or death for patients, increasing the likelihood that the affected facility will pay, Dan Lattimer, vice president of security firm Semperis, tells Dark Reading. This means that facilities need "to conduct day-to-day operations assuming breaches will occur," he says.

"Preparing now for inevitable disruptions will dramatically improve hospitals' operational resiliency and better prepare them to turn away adversaries, leading the threat actors to softer targets downstream," Lattimer says.

Still, even being prepared may not ensure a provider can quickly rebound from an attack. In its statement, Synnovis said that it has "invested heavily in ensuring our IT arrangements are as safe as they possibly can be," but is now left apologizing for the disruption and "the inconvenience and upset this is causing to patients, service users and anyone else affected."

Synnovis has employed a taskforce of both in-house and NHS IT to assess the attack's impact and respond appropriately, according to its statement. It's also reported the attack to law enforcement and also is working with the UK National Cyber Security Center and the Cyber Operations Team, as well as with NHS Trust partners to minimize further fallout.

Respond, Don't React

Still, it's become clear that merely reacting after an attack occurs is no longer an option for victims of ransomware, particularly healthcare providers and facilities. In fact, the risk these organizations face has already inspired the US government's Advanced Research Projects Agency for Health (ARPA-H) to pledge $50 million for an initiative to create software that helps hospitals become cyber-resilient.

One of the biggest issues that healthcare organizations face that was highlighted in the Synnovis attack is that they work with numerous third-parties whose systems also have to be taken into consideration when evaluating how to secure infrastructure, Kirkwood says, driving new requirements.

"This includes continuous monitoring, regular security assessments, and comprehensive incident-response plans," he says. "By adopting these strategies, healthcare organizations can better protect their critical infrastructure and, most importantly, ensure the safety and trust of their patients."

Healthcare organizations also should identify critical services that are "single points of failure," and have a plan in place for what to do in the event that an attack occurs, Lattimer says.

"Keep in mind that in nearly 90% of ransomware attacks, the hackers will likely compromise the organization's identity system, which stores the crown jewels of the business," he warns. In the case of hospitals, that is where patient data and other forms of proprietary information is stored, so it's the "most vulnerable" entry point for organizations.

Having such an obvious weak spot demands a response from hospitals, making it "imperative" for them to have "real-time visibility to changes to elevated network accounts and groups," Lattimer advises.

About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

See more from Elizabeth Montalbano, Contributing Writer
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Human profiles made out of crumpled paper, with one smoldering around the brain area as smoke rises
Cybersecurity Operations
9 Tips to Avoid Burnout in Cybersecurity9 Tips to Avoid Burnout in Cybersecurity
byJoan Goodchild, Contributing Writer
May 30, 2024
9 Slides
Dark web concept image with hooded hacker
Cyberattacks & Data Breaches
Leak Site BreachForums Springs Back to Life Weeks After FBI TakedownLeak Site BreachForums Springs Back to Life Weeks After FBI Takedown
byJai Vijayan, Contributing Writer
May 29, 2024
4 Min Read
CISO and team looking at screens with cybersecurity information.
Cyber Risk
Making the Case for 'Reasonable' CybersecurityMaking the Case for 'Reasonable' Cybersecurity
byStephen Lawton, Contributing Writer
May 28, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events