Russian cybercriminals behind ransomware attack on hospitals – expert

A Russian group of cybercriminals is behind the ransomware attack hitting major London hospitals, says the former CEO of the National Cyber ​​Security Center.

Ciaran Martin said the attack on pathology services company Synnovis has led to a “severe reduction in capacity” and “it is a very, very serious incident”.

Hospitals declared a critical incident after the attack, canceled surgeries and tests and were unable to provide blood transfusions.

Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including Royal Brompton and Evelina London Children’s Hospital) and primary care services in the capital said a “major IT incident” had occurred.

Asked on BBC Radio 4’s Today program if it is known who attacked Synnovis, Mr Martin said: “Yes. We believe it is a Russian cybercriminal group calling themselves Qilin.

“These criminal groups – there are quite a few of them – operate freely from Russia, they give themselves high-profile names, they have websites on the so-called dark web, and this particular group has about a two… year history of attacks on various organizations across the whole world.

“They’ve attacked car companies, they’ve attacked the big issue here in Britain, they’ve attacked Australian courts. They are just looking for money.”

He said it was “unlikely” that the Russian hackers would have known they would cause such a serious disruption to primary health care when they set out to carry out the attack.

He added: “There are two types of ransomware attacks. One of them is when they steal a bunch of data and try to force you to pay so that it doesn’t get released, but this case is different. It is the more serious form of ransomware where the system simply does not work.

“So when you work in healthcare in this trust you just don’t get those results, so it’s actually seriously disruptive.

“This type of ransomware has affected healthcare across the world.

Cyber ​​attack on major London hospitals
Guys and St Thomas’ was among a number of London hospitals hit by the cyber attack (Georgie Gillard/PA)

“It is especially damaging in the United States, and where this type of cyber attack differs in impact from others is that it affects people’s health care. So it really is one of the most serious we’ve seen in this country.”

He said the government has a policy of not paying, but the company would be free to pay the ransom if it wanted to.

On patient data, he said: “It’s not really about the data, it’s about the services.

“The criminals threaten to publish data, but they always do. Here the priority is to restore services.”

Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.

Some procedures and operations in hospitals have been canceled or referred to other NHS providers as hospital bosses determine what work can be carried out safely.

NHS officials said they are working with the National Cyber ​​Security Center to understand the impact of the attack.

Synnovis said the incident has been reported to law enforcement authorities and the Information Commissioner.

Sunday with Laura Kuenssberg
Health Minister Victoria Atkins said patient safety is her ‘absolute priority’ (Lucy North/PA)

Health Minister Victoria Atkins said on Tuesday her “absolute priority is patient safety”.

On social media site

“My absolute priority is patient safety and the safe resumption of services in the coming days.”

A spokesperson for the NHS England London region said Monday’s attack had “a significant impact” on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trust and primary care services in south-east London.

“We are working urgently to fully understand the impact of the incident, with the support of the government’s National Cyber ​​Security Center and our cyber operations team.”

Synnovis CEO Mark Dollar said on Monday that a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and what action is needed.

“Unfortunately, this is impacting patients, with some activities already canceled or referred to other providers as urgent work is prioritized,” he said.

One patient, Oliver Dowson, 70, was being prepared for surgery at the Royal Brompton Hospital from 6am on Monday, June 3, when he was told by a surgeon at around 12.30pm that the operation would not go ahead.

He told the PA news agency: “Staff on the ward did not seem to know what had happened, only that many patients were told to go home and wait for a new date.

“I’ve been given a date for next Tuesday and I’m crossing my fingers – it’s not the first time they’ve canceled, they did that on May 28 too, but that was probably a staff shortage in the half week.”

Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and he was told local centers were not taking bookings “indefinitely”.

According to the Health Service Journal (HSJ), a senior source said that accessing pathology results could take “weeks rather than days”.