A recent ransomware cyber-attack on a provider of lab services to the NHS led to so much disruption in several major hospitals that an urgent appeal for donations of O-type blood was issued.
What Happened?
On Monday 3 June, Synnovis, a provider of lab services, was the victim of a ransomware cyber-attack. The attack on the provider then impacted several major hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton, and the Evelina London Children’s Hospital, and primary care services in southeast London. The attack is thought to be the work of Qilin, a Russian group of cyber criminals.
The Effects
Several of the London hospitals affected declared it a critical incident. The effects of the ransomware attack included the cancellation of operations, diverting patients to other trusts, and disruption in key areas such as transplant surgeries and blood transfusions.
Urgent Appeal For Blood Donations
The attack meant that the affected hospitals couldn’t match patients’ blood as quickly as usual. This, and the fact that blood only has a shelf life of 35 days (so stocks need to be continually replenished), and operations have been cancelled (creating a backlog) because of the cyber-attack led to an appeal. On 10 June, NHS Blood and Transplant (NHSBT) issued the appeal for O-positive and O-negative blood donors to urgently book appointments to donate in one of the 25 town and city centre NHS Blood Donor Centres in England, to boost stocks of O-type blood.
This is due to the fact that when hospitals do not know a patient’s blood type or cannot match their blood, it is safe to use O-type blood. O-negative blood type (8 per cent of the population have it) for example, can be given to anyone and is often known as the “universal blood type”, while O-positive, the most common blood type (35 per cent of donors have it) can be given to anybody with any positive blood type.
Following the disruption caused by the ransomware attack, more units of these types of blood than usual will be required over the coming weeks to support frontline staff to keep services running safely for local patients.
The Motivation?
It’s been reported that seeking to extort money was not the primary motivation for this attack despite ransomware being used, rather the attack appears to have been carried out just to disable the system.
It’s also been reported that NHS London said shortly after the incident that it had launched a cyber response team. That said, just days before the cyber-attack, reports indicate that NHS England had spent £3m on two contracts (with KPMG and Deloitte) to provide “cyber incident response” services for the next two years.
Why Are Hospitals Targeted So Often By Cyber Criminals?
Hospitals are often targeted by cyber criminals because they hold critical and sensitive data, often operate with outdated systems, and cannot afford prolonged downtimes, making them more likely to pay ransoms. Additionally, the widespread use of networked medical devices and historical underinvestment in cybersecurity measures make hospitals attractive targets for ransomware and other cyber-attacks.
Many may remember that the last major cyber-attack on UK hospitals was carried out by the notorious ransomware strain “WannaCry” in May 2020. The attack affected numerous NHS trusts across England, causing widespread disruption to services and leading to the cancellation of thousands of appointments and surgeries. That attack exploited a vulnerability in outdated Windows systems, highlighting significant cybersecurity weaknesses in the NHS’s infrastructure.
What Does This Mean For Your Business?
The ransomware attack on Synnovis and its widespread impact on major London hospitals illustrates the critical importance of cybersecurity for businesses and organisations across all sectors. For UK businesses, this is a stark reminder that cyber threats are an ever-present risk that can have far-reaching consequences. The attack on Synnovis was not an isolated event but is part of a broader trend of increasing cyber-criminal activity targeting critical infrastructure and services.
The disruption to healthcare services highlights the vulnerabilities that many organisations face, particularly those that handle sensitive data and rely on complex, interconnected IT systems. For businesses, this means that ensuring robust cybersecurity measures is not just a technical requirement but a fundamental aspect of operational resilience. Regularly updating software, conducting security audits, and training staff on cybersecurity best practices, for example, are essential steps to mitigate the risk of such attacks.
The financial and reputational damage caused by cyber-attacks can also be devastating. For businesses, a cyber-attack can result in significant downtime, loss of customer trust, and potential legal ramifications if sensitive data is compromised. Investing in cybersecurity is, therefore, not just a defensive measure but a proactive investment in the continuity and sustainability of your business.
The NHS’s swift response in this case, including the deployment of a cyber incident response team (and the recent investment in cybersecurity services), illustrates the importance of having a well-prepared response plan. Businesses should develop and regularly update their incident response plans to ensure they can quickly and effectively respond to any cyber threats. This includes having clear communication strategies in place to keep stakeholders informed during and after an incident.
Also, the urgent appeal for blood donations in the wake of the cyber-attack serves as a poignant reminder of the interconnectedness of our modern world. Disruptions in one sector can have cascading effects across others, emphasising the importance of collaboration and support within and between industries. For businesses, this means building strong partnerships and networks to enhance collective cybersecurity resilience.
The Synnovis cyber-attack which led to so many critical UK healthcare services being severely affected is yet another wake-up call for businesses and organisations of all kinds to prioritise cybersecurity. By taking proactive measures to protect their IT infrastructure, investing in robust security solutions, and preparing comprehensive response plans, businesses can better safeguard against the growing threat of cyber-attacks and ensure their long-term viability in an increasingly digital world.
By Mike Knight