Cyberattack disrupts patient care at London hospitals

Moritz Erken

NHS hospitals in London have declared a critical incident caused by a ransomware attack on a pathology services provider, leading to cancelled procedures and patients having to be transferred to different care providers.

The attack on Synnovis has impacted patient care at Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts, as well as GP services in southeast London, according to an NHS England statement.

The incident took place on Monday and disconnected the hospitals from servers operated by Synnovis, which is a partnership between the two hospital trusts and SYNLAB, Europe’s largest provider of medical testing and diagnostics.

As a result, key services like blood transfusions and tests could not be provided, disrupting care. NHS England said that emergency services are unaffected and patients should continue to attend appointments unless they are told otherwise, noting that contingency plans are in place to deal with this type of incident.

“We will continue to provide updates for local patients and the public about the impact on services and how they can continue to get the care they need,” it added.

The attack is yet another example of healthcare becoming a primary target for cybercriminals due to the sensitivity and scale of patient data and the need to keep operations running. Other attacks have involved US hospital operator Ascension and health insurer UnitedHealth, which caused widespread disruption earlier this year.

According to the NCC Group consultancy, which monitors the cyber threat landscape, healthcare was the third most targeted sector for ransomware attacks globally in the first quarter of 2024, with 108 attacks that accounted for 10% of the total. North America and Europe dominated the total number of regional ransomware attacks, with more than 80% of cases.

Synnovis chief executive Mark Dollar said that a task force of IT experts is working to fully assess the impact of the attack and to take “the appropriate action needed,” adding that it has been reported to law enforcement and the UK Information Commissioner. The National Cyber Security Centre is also assisting in the investigation.

“It is still early days and we are trying to understand exactly what has happened,” said Dollar, adding: “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

The notorious WannaCry ransomware attack that took place in 2017 affected organisations around the world, including the NHS and drugmakers like MSD, and was estimated to have cost the NHS £92 million to resolve.

Just over a year ago, the UK government set out a strategy to protect the NHS and social care organisations from cyberattacks, with the aim of building resilience into systems by 2030.

“This incident reminds us that the ransomware threat is now an ever-present danger to critical institutions from schools to hospitals; it should be among the highest risks on the register,” commented Steve Sands of BCS, The Chartered Institute for IT, and a cyber security expert.

“We need to ensure that all public sector organisations have contingency plans in place to manage cyber-attacks, that staff are regularly trained on risk and there is sufficient investment in software resilience,” he added. “Whoever forms the next government needs to make sure the NHS has this resource and that it is spent correctly, to ensure that lives are not put at risk.”

Photo by Moritz Erken on Unsplash