The NHS and tech firm Synnovis are investigating claims that a cybercriminal group has published data online obtained following a ransomware attack that affected several London hospitals.
NHS England said in a statement on Friday that it had been made aware that hackers had published data on Thursday night “which they claim belongs to Synnovis and was stolen as part of this attack.”
The health authority said it was continuing to work with Synnovis and the National Cyber Security Centre (NCSC) and others “to determine the content of the published files as quickly as possible,” including whether this data relates to NHS patients.
Synnovis, which provides pathology services to a number of southeast London hospitals, said in a statement on Friday: “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already under way.”
On June 3, hackers attacked Synnovis with ransomware, affecting IT systems at Guy’s and St. Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, the Royal Brompton, and Evelina Children’s Hospital.
Operations and Appointments Still Being Cancelled
The ransomware attack affected hospitals’ ability to match patients with their correct blood types, resulting in the cancellation of operations and blood tests and prompting the NHS to make an urgent appeal for people with “universal” O blood types to donate.
The health service said that donations would be needed “over the coming weeks” to keep services running and that it was likely to be an ongoing issue for weeks. Urgent and emergency services remain available as usual.
On Thursday, the NHS published an update stating that while the majority of planned activity was able to go ahead, thousands of appointments and operations had been postponed.
Between June 10 and 16, across two of the most affected health trusts—King’s College Hospital NHS Foundation Trust, and Guy’s and St. Thomas’ NHS Foundation Trust—“more than 1,294 outpatient appointments and 320 elective procedures had to be postponed because of the attack.”
Medical director for NHS London Dr. Chris Streather said, “Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London.”
Cyber Crime Gang Boss Sanctioned
A ransomware attack is a kind of malware that prevents users from accessing data, with the hackers threatening to keep users locked out permanently or share the data publicly unless a ransom is paid.The NCSC—part of GCHQ, the UK’s intelligence, security, and cyber agency—and the National Crime Agency assessed that LockBit was the leading ransomware threat to the UK.
The government considers it one of the most prolific ransomware groups in recent years which has attacked over 200 British businesses and public service providers.
However, ransomware attacks still register relatively low for some sectors compared to other forms of digital attacks and hacks.
Phishing attacks—where criminals send scam emails containing links to malicious websites or which are designed to trick users into revealing sensitive information —were the most frequent form of breach, experienced by 79 percent of businesses and 83 percent of charities who had their systems compromised.
This was followed by criminals impersonating organisations in emails (31 percent of businesses, 29 percent of charities); virus, spyware, or malware—but excluding ransomware (11 percent of businesses, 9 percent of charities); and hacking or attempted hacking of bank accounts (11 percent of businesses, 6 percent of charities).
