Synnovis, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust: 'Russian criminals' behind hospitals cyber attack

Synnovis, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust: 'Russian criminals' behind hospitals cyber attack

Russian Ransomware Attack Disrupts Major London Hospitals, Delaying Critical Care

A ransomware attack attributed to the Russian cybercriminal group Qilin has severely disrupted pathology services at multiple NHS hospitals in south-east London, leading to canceled surgeries, delayed blood tests, and diverted emergency patients. The incident, declared a critical incident on Tuesday, has impacted Guy’s and St Thomas’ NHS Foundation Trust (including the Royal Brompton and Evelina London Children’s Hospital), King’s College Hospital NHS Foundation Trust, and primary care providers in the region.

The attack targeted Synnovis, a pathology services firm that processes 100,000 blood tests daily for around two million patients. Unlike typical ransomware incidents involving data theft, this attack disabled critical systems, forcing hospitals to prioritize only the most urgent cases. Ciaran Martin, former CEO of the National Cyber Security Centre (NCSC), confirmed the group’s financial motives, noting that Qilin had previously targeted entities like automotive companies, Australian courts, and the Big Issue UK. While the hackers threatened to publish data a common tactic Martin emphasized that the primary impact was operational disruption, not data exposure.

Patients reported last-minute cancellations, including a man whose open-heart surgery was postponed just moments before the procedure. NHS London stated that urgent and emergency services remain operational, but non-critical appointments and blood transfusions have been affected. Staff are working to restore services, though the full extent of the disruption remains unclear.

The attack highlights the growing threat of Russian-linked cybercrime, with Qilin operating freely from within Russia. The UK government maintains a no-ransom policy, complicating recovery efforts. Synnovis, which opened new laboratories in Southwark in April, has not provided further comment. The incident is among the most serious cyberattacks on UK healthcare in recent years.

Source: https://www.bbc.com/news/articles/cxee7317kgmo

Synnovis TPRM report: https://www.rankiteo.com/company/synnovis

King’s College Hospital NHS Foundation Trust TPRM report: https://www.rankiteo.com/company/guys-and-st-thomas-nhs-foundation-trust

Guy’s and St Thomas’ NHS Foundation Trust TPRM report: https://www.rankiteo.com/company/guys-and-st-thomas-nhs-foundation-trust

"id": "guysyn1780526611",
"linkid": "guys-and-st-thomas-nhs-foundation-trust, synnovis",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'customers_affected': 'Patients requiring blood tests '
                                              'and surgeries',
                        'industry': 'Healthcare',
                        'location': 'London, UK',
                        'name': 'Guy’s and St Thomas’ NHS Foundation Trust',
                        'type': 'Hospital'},
                       {'customers_affected': 'Patients requiring blood tests '
                                              'and surgeries',
                        'industry': 'Healthcare',
                        'location': 'London, UK',
                        'name': 'Royal Brompton',
                        'type': 'Hospital'},
                       {'customers_affected': 'Patients requiring blood tests '
                                              'and surgeries',
                        'industry': 'Healthcare',
                        'location': 'London, UK',
                        'name': 'Evelina London Children’s Hospital',
                        'type': 'Hospital'},
                       {'customers_affected': 'Patients requiring blood tests '
                                              'and surgeries',
                        'industry': 'Healthcare',
                        'location': 'London, UK',
                        'name': 'King’s College Hospital NHS Foundation Trust',
                        'type': 'Hospital'},
                       {'customers_affected': 'Two million patients, 100,000 '
                                              'blood tests daily',
                        'industry': 'Healthcare',
                        'location': 'London, UK',
                        'name': 'Synnovis',
                        'type': 'Pathology Services Firm'}],
 'customer_advisories': 'NHS London statement on operational status',
 'data_breach': {'data_encryption': 'Disabled critical systems',
                 'data_exfiltration': 'Threatened but not confirmed as primary '
                                      'impact'},
 'date_detected': '2024-06-04',
 'date_publicly_disclosed': '2024-06-04',
 'description': 'A ransomware attack attributed to the Russian cybercriminal '
                'group Qilin has severely disrupted pathology services at '
                'multiple NHS hospitals in south-east London, leading to '
                'canceled surgeries, delayed blood tests, and diverted '
                'emergency patients. The incident targeted Synnovis, a '
                'pathology services firm, disabling critical systems and '
                'forcing hospitals to prioritize only the most urgent cases.',
 'impact': {'brand_reputation_impact': 'Severe',
            'operational_impact': 'Canceled surgeries, delayed blood tests, '
                                  'diverted emergency patients, prioritization '
                                  'of urgent cases only',
            'systems_affected': 'Pathology services, blood test processing, '
                                'surgery scheduling'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Threatened',
                'ransomware_strain': 'Qilin'},
 'references': [{'source': 'Former CEO of the National Cyber Security Centre '
                           '(NCSC), Ciaran Martin'}],
 'response': {'remediation_measures': 'Staff working to restore services'},
 'threat_actor': 'Qilin',
 'title': 'Russian Ransomware Attack Disrupts Major London Hospitals, Delaying '
          'Critical Care',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.