Thousands of procedures canceled at London hospitals as Qilin releases blood test data
The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats
NHS England has revealed that it's been forced to cancel thousands of elective procedures and outpatient appointments since the cyber attack on blood testing company Synnovis on 3 June.
Meanwhile, attacker Qilin, a Russian-speaking ransomware group, has published almost 400GB of sensitive data on Telegram and its own dark web site after failing to secure a payout from the firm. This includes patient names, dates of birth, NHS numbers and descriptions of blood tests.
At the two affected NHS Trusts, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, more than 1,294 outpatient appointments and 320 elective procedures have been postponed this week.
This brings the total to 1,134 elective procedures and 2,194 outpatient appointments since the original attack.
"Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber attack on Synnovis is continuing to have a significant impact on NHS services in South East London," said Dr Chris Streather, medical director for NHS London.
Qilin is believed to have demanded $50 million for the data, while claiming that its attack was politically motivated; it told the BBC the attack was in retaliation for the government's refusal to help in an unspecified war.
Conor Agnew, lead cyber security assessor at Closed Door Security, said while the attack may well have been conducted for political reasons, there is undoubtedly a financial motivation at play.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Despite the actors stating the attack is politically motivated, it is most likely spurred by a desire to make money and financially benefit from the disruptions the incident is causing to patient care,” he said.
The latest leak, he added, is meant to ramp up the pressure on Synnovis to pay up, while demonstrating the highly sensitive data the Qilin now has in its possession.
Kevin Robertson, COO of Acumen Cyber, said questions still remain over how Synnovis will respond to the incident. Although authorities have been clear that negotiating with cyber crime groups is ill-advised, the frantic nature of ransomware attacks means some organizations succumb to pressure.
"The UK government has made clear it will never negotiate with ransomware gangs, as they know this only fuels the industry. However, it’s not clear what approach a private organization like Synnovis will take. Clearly the organization is in a state of turmoil just now," he said.
"Other organizations must learn from this incident and work to harden their defenses against ransomware. These attacks are not going to go away, they are only going to increase, especially while Russia provides a safe haven for adversaries where they are celebrated for attacks, rather than penalized."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.