Cyberattack Exposes Longstanding Vulnerabilities in London Hospitals
London hospitals are grappling with the aftermath of a cyberattack targeting their pathology services provider, Synnovis. The incident has cast a spotlight on years of known cybersecurity weaknesses within the Guy’s and St Thomas’ NHS Foundation Trust, which operates five hospitals in the city. According to publicly available documents from board meetings, the trust had acknowledged cybersecurity as a high risk as recently as April, with previous concerns raised about the security of digital links between hospital systems and third-party companies.
Disruption and Impact
The cyberattack, which occurred on June 3, brought down Synnovis's services, forcing doctors to delay medical procedures, postpone blood tests, and revert to handwritten records. The disruption has severely impacted blood services, with one hospital seeking donations from staff while facilities ask the public for help. The full extent of improvements made prior to the hack remains unclear, but vulnerabilities such as dated IT systems and hardware were noted in earlier board reports.
Guy’s and St Thomas’ NHS Foundation Trust issued a statement affirming its commitment to cybersecurity and ongoing collaboration with partners to understand the breach. However, the trust declined to comment on the prior cybersecurity warnings.
Ongoing Concerns and Modernization Efforts
Cybersecurity issues have been raised since mid-2021, with documents revealing that a significant number of IT systems and hardware devices were outdated. Although partial mitigation efforts were undertaken, some areas remained susceptible to attacks. The trust has since embarked on modernizing its IT infrastructure, updating systems, and conducting simulated hacks to identify vulnerabilities.
Despite these efforts, concerns persisted. By January 2024, the trust's IT infrastructure was reported to be well-configured, yet there were lingering questions about the adequacy of security procedures, particularly regarding third-party interfaces such as those managed with Synnovis.
Ransomware Gang Suspected
The cyberattack is suspected to have been carried out by a Russian-speaking ransomware group known as Qilin, which has been linked to over 100 attacks across various sectors since late 2022. Ransomware groups typically gain access through software vulnerabilities, malicious email links, or stolen credentials, then encrypt files and demand ransom payments.
Cian Heasley, Threat Lead at Adarma Security, emphasized the value of healthcare data and its critical role in patient treatment. Synnovis's statement highlighted the severity of the breach and the ethical disregard of those behind the attack.
Recurring Issues for Synlab AG
This breach marks the third known ransomware incident affecting a branch of Synlab AG in the past year. Earlier attacks targeted its French and Italian subsidiaries. Responding to the latest incident, Synnovis declared that all its IT systems were compromised and that it was working with experts to resolve the issue.
Mark Dollar, CEO of Synnovis, underscored the company's substantial investment in cybersecurity and the indiscriminate nature of such attacks. He called the incident a harsh reminder of the ever-present threat posed by cybercriminals.