NHS and Tech Firm Investigating Claims Hacked Data Was Leaked Online

The hack affected software that helped hospitals effectively match patients with their correct blood types, causing delays to operations and appointments.
NHS and Tech Firm Investigating Claims Hacked Data Was Leaked Online
File photo of a general view of Guy's and St. Thomas' Hospital in London, England, dated Oct. 14, 2011. Georgie Gillard/PA Wire
Victoria Friedman
Updated:
0:00

The NHS and tech firm Synnovis are investigating claims that a cybercriminal group has published data online obtained following a ransomware attack that affected several London hospitals.

NHS England said in a statement on Friday that it had been made aware that hackers had published data on Thursday night “which they claim belongs to Synnovis and was stolen as part of this attack.”

The health authority said it was continuing to work with Synnovis and the National Cyber Security Centre (NCSC) and others “to determine the content of the published files as quickly as possible,” including whether this data relates to NHS patients.

Synnovis, which provides pathology services to a number of southeast London hospitals, said in a statement on Friday: “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already under way.”

On June 3, hackers attacked Synnovis with ransomware, affecting IT systems at Guy’s and St. Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, the Royal Brompton, and Evelina Children’s Hospital.

Ciaran Martin, the former chief executive of the NCSC, said he believed the attack was conducted by a group of Russian cyber criminals who call themselves Qilin.

Operations and Appointments Still Being Cancelled

The ransomware attack affected hospitals’ ability to match patients with their correct blood types, resulting in the cancellation of operations and blood tests and prompting the NHS to make an urgent appeal for people with “universal” O blood types to donate.

The health service said that donations would be needed “over the coming weeks” to keep services running and that it was likely to be an ongoing issue for weeks. Urgent and emergency services remain available as usual.

On Thursday, the NHS published an update stating that while the majority of planned activity was able to go ahead, thousands of appointments and operations had been postponed.

Between June 10 and 16, across two of the most affected health trusts—King’s College Hospital NHS Foundation Trust, and Guy’s and St. Thomas’ NHS Foundation Trust—“more than 1,294 outpatient appointments and 320 elective procedures had to be postponed because of the attack.”

This means so far, 1,134 elective procedures and 2,194 outpatient appointments have been postponed at the two trusts since June 3, the NHS said in a statement.

Medical director for NHS London Dr. Chris Streather said, “Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London.”

Dr. Streather added that mutual aid agreements between NHS labs “have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.”

Cyber Crime Gang Boss Sanctioned

A ransomware attack is a kind of malware that prevents users from accessing data, with the hackers threatening to keep users locked out permanently or share the data publicly unless a ransom is paid.
Last month, the UK, along with the United States and Australia, sanctioned Russian national Dmitry Khoroshev, the senior leader of cyber-crime gang LockBit, which was responsible for 25 percent of ransomware attacks globally in 2023.

The NCSC—part of GCHQ, the UK’s intelligence, security, and cyber agency—and the National Crime Agency assessed that LockBit was the leading ransomware threat to the UK.

The government considers it one of the most prolific ransomware groups in recent years which has attacked over 200 British businesses and public service providers.

The 24-hour operations room at Government Communication Headquarters (GCHQ) in Cheltenham, England, on Nov. 17, 2015. (Ben Birchall/AFP via Getty Images)
The 24-hour operations room at Government Communication Headquarters (GCHQ) in Cheltenham, England, on Nov. 17, 2015. Ben Birchall/AFP via Getty Images

However, ransomware attacks still register relatively low for some sectors compared to other forms of digital attacks and hacks.

A cyber security breaches survey of businesses and charities conducted by the government’s Department for Science, Innovation, and Technology found that just 4 percent of businesses and charities that had identified any form of criminal breach to their systems had been affected by ransomware last year.

Phishing attacks—where criminals send scam emails containing links to malicious websites or which are designed to trick users into revealing sensitive information —were the most frequent form of breach, experienced by 79 percent of businesses and 83 percent of charities who had their systems compromised.

This was followed by criminals impersonating organisations in emails (31 percent of businesses, 29 percent of charities); virus, spyware, or malware—but excluding ransomware (11 percent of businesses, 9 percent of charities); and hacking or attempted hacking of bank accounts (11 percent of businesses, 6 percent of charities).

PA Media contributed to this report.