Earlier in June, Synnovis, a pathology services provider to several of London’s NHS Trust hospitals, was the victim of a double extortion ransomware attack. According to one healthcare cybersecurity expert, “this is probably one of the most significant cyberattacks on the NHS” and it has had some serious consequences. The attack has highlighted the importance of good cybersecurity practices, particularly for the healthcare sector, which is vulnerable to these types of attacks.
What happened?
A Russian cybercrime gang and emerging ransomware-as-a-service provider called Qilin has claimed responsibility for this attack on the 3rd of June. According to cybersecurity experts, the group was able to gain access to Synnovis’s systems through a zero-day vulnerability, likely caused by an outdated system. And, as reported in a recent Bloomberg article, many were aware that this service provider posed a potential security risk.
The hackers demanded USD 50m to not release the data; however, Synnovis refused to pay and, as a result, on the 19th of June, Qilin released 400GB of data onto the dark web. This included patient names, dates of birth, NHS numbers and descriptions of blood tests.
What has been the impact of the attack?
This ransomware attack has resulted in thousands of operations and appointments being cancelled as the capacity for blood testing has been reduced dramatically. For example, a GP practice that could normally conduct 200 tests a day is currently only able to do 15 to 20. This has had some very serious implications for people who required urgent surgery or blood transfusions.
The long-term impact of the data leak is unclear; however, people whose personal information has been released will be more vulnerable to frauds and scams in the future.
What can we learn from this attack?
We know that the number of ransomware attacks – in particular, double extortion attacks – is increasing. The healthcare sector is a key target because it holds so much valuable information and is often still using outdated IT systems, which makes it easier to hack. In 2023, the number of ransomware attacks on this sector almost doubled from 214 worldwide in 2022 to 389.
This means the sector needs to take stronger action. According to Darren Guccione, CEO and co-founder at Keeper Security, “Healthcare institutions must adopt a zero-trust architecture and enforce least-privilege access, ensuring employees have access only to the information necessary for their roles.”
And, given the breach was a result of security vulnerabilities in a supplier’s system, this incident shows how important it is for organisations to ensure that the cybersecurity practices of every company within their supply chain meet the highest standards.