Russian cybercriminals are behind a ransomware attack on London NHS hospitals that caused severe disruption and the cancellation of operations and tests. The National Cyber Security Centre and NHS officials are investigating. The priority is patient safety and the restoration of services.
A group of Russian cybercriminals behind ransomware attack on London NHS hospitals
A group of Russian cybercriminals has been identified as the culprits behind a ransomware attack that brought major London NHS hospitals to a halt. Ciaran Martin, the former chief executive of the National Cyber Security Centre, described the incident as a “very, very serious” one that resulted in a severe reduction in capacity for pathology services firm Synnovis. The attack prompted hospitals to declare a critical incident, leading to the cancellation of operations, tests, and blood transfusions.
Memos were sent to NHS staff at several hospitals and primary care services in the capital, informing them of a major IT incident. When asked about the identity of the attackers, Martin revealed that they were a Russian group of cybercriminals known as Qilin. He explained that these criminal groups, which operate freely from within Russia, often give themselves high-profile names and have websites on the dark web. Qilin, in particular, has a history of attacking various organizations worldwide, including automotive companies, the Big Issue in the UK, and Australian courts. Their primary motivation is financial gain.
Martin emphasized that it was unlikely the Russian hackers anticipated the extent of the disruption they would cause to primary healthcare services. He distinguished between two types of ransomware attacks: one involving the theft of data, which is then used to extort payment, and the other, more serious type, which renders the system inoperable. In this case, the latter type of attack was employed, severely disrupting the healthcare trust’s ability to provide essential services.
While the government has a policy of not paying ransoms, Martin acknowledged that the affected company, Synnovis, could choose to pay if it deemed it necessary. However, he stressed that the priority should be the restoration of services rather than giving in to the criminals’ demands. The National Cyber Security Centre is currently investigating the impact of the cyber-attack in collaboration with NHS officials. Synnovis has reported the incident to the police and the information commissioner.
Health Secretary Victoria Atkins expressed her commitment to patient safety and the swift resumption of services in the coming days. Mark Dollar, the CEO of Synnovis, stated that a taskforce comprising IT experts from both Synnovis and the NHS was working to assess the full impact of the attack and determine the necessary course of action. According to the Health Service Journal, gaining access to pathology results could take weeks rather than days.