London hospital ransomware attack blamed on Russian gang Qilin

A ransomware attack that left several London hospitals unable to provide pathology services this week has been blamed on a Russian cyber gang Qilin.

Cyber security experts claim the attack – which led NHS officials to call a critical incident – on pathology services provider Synnovis was most likely carried out by a group of Russian cybercriminals.

The incident is believed to have occurred on Monday and had a “major impact” on the delivery of services, including blood tests and transfusions, in London hospitals including King’s College Hospital, Guy’s and St Thomas’ and other primary care providers in the capital.

Former National Cyber Security Centre chief executive Ciaran Martin told BBC Radio 4 that the attack was believed to be the work of a Russian cybercriminal gang called Qilin.

He added: “These criminal groups – there are quite a few of them – they operate freely from within Russia, they give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.

“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.”

The National Cyber Security Centre is investigating the impact of the cyber-attack along with NHS officials.

Synnovis

The ransomware attack on Synnovis – a partnership between the two hospital trusts and European diagnostics firm Synlab – had been reported to the police and the Information Commissioner, according to a statement by the group’s CEO Mark Dollar.

He added: “It is still early days, and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.

“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised. We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.”

Health attack

Healthcare continues to be one of the most targeted sectors by ransomware attacks, according to a new study from cyber security firm Blackfog.

In the month of May, the healthcare sector saw a total of 57 ransomware attacks across the globe – an increase of 30% on the previous month.  Education, services and manufacturing closely follow, according to the figures from Blackfog’s May State of Ransomware report.

Charlotte Webb, marketing and operations director at Hyve Managed Hosting, claimed that the incident with the London hospitals highlighted some of the challenges faced by healthcare providers, and why they need to diversify digital infrastructure.

“With healthcare providers reliant on digital operations, in an industry where lives are at risk, putting all your eggs in one basket with a single provider means that risk is not spread across multiple platforms, leaving organisations vulnerable in the event of a cyber attack,” she said.

“To mitigate this, healthcare organisations should look at diversifying their cloud approach, in addition to ensuring that their service providers have comprehensive security measures in place, as well as backup and disaster recovery plans ready for these situations, so that patient care is not affected. Adopting a hybrid or multi-cloud strategy, for example, can mitigate risks by distributing workloads across multiple environments, ensuring that an outage with one provider does not cripple the entire system.”

Network visibility is also vital, according to RiverSafe CTO Oseloka Obiora, who commented on the attack.

He said: “There is a large importance for robust cybersecurity measures, especially in the healthcare sector. To enhance readiness, it is essential that security teams adopt robust network visibility to promptly identify and resolve vulnerabilities across systems, minimising the impact of cyber threats to vital infrastructure.”