by A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, the former chief executive of the National Cyber Security Center has said.
Ciaran Martin said the attack on pathology services company Synnovis had resulted in a “significant reduction in capacity” and was a “very serious incident”.
Hospitals declared a critical incident after the attack and canceled surgery and tests and were unable to carry out blood transfusions.
Memos to NHS staff at King’s College, Guy’s and St Thomas’ Hospital (including the Royal Brompton and Evelina London Children’s Hospital) and primary care services in the capital said there had been a “major IT incident”.
Asked on BBC Radio 4’s Today program if he knows who attacked Synnovis, Mr Martin said: “Yes. We believe they are a Russian group of cyber criminals calling themselves Qilin.
“These criminal groups – there are many of them – operate freely from inside Russia, they give themselves high-profile names, they have websites on the so-called dark web, and there are about two one at this particular group. the history of the year of attack by various organizations around the world.
“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked the Australian courts. They just want money.”
He said it is “likely” that the Russian hackers knew they would cause such serious disruption to primary health care when they attempted the attack.
He said: “There are two types of ransomware attacks. One is when they steal a load of data and try to trick you into paying to avoid being released, but this case is different. It is the most serious type of ransomware when the system does not work.
“So if you’re working in healthcare under this trust, you’re not getting those results so it really affects it.
“This type of ransomware has affected healthcare around the world.
“It’s very damaging in the United States, and when this type of cyber attack is different in terms of how it affects other people, it affects people’s health care. So it’s one of the most serious we’ve seen in this country.”
He said that the Government has a policy of not paying but that the company would be free to pay the ransom if it chose.
On patient data, he said: “It’s not really a data issue in this one, it’s a services issue.
“The criminals are threatening to publish data, but they always do that. The priority here is to restore services.”
Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s Hospital NHS Foundation Trust.
Some procedures and operations at the hospitals have been canceled or diverted to other NHS providers as hospital leaders decide what work can be done safely.
NHS officials said they are working with the National Cyber Security Center to understand the impact of the attack.
Synnovis said the incident was reported to law enforcement and the Information Commissioner.
Health Secretary Victoria Atkins said on Wednesday that patient safety was the “absolute priority”.
On social media site X, formerly Twitter, Miss Atkins wrote: “During yesterday I had meetings with NHS England and the National Cyber Security Center to oversee the response to the cyber attack on pathology services in south east London.
“My absolute priority is patient safety and the safe resumption of services in the coming days.”
The Health Service Journal (HSJ) reported one senior NHS manager as saying: “It’s everyone’s worst nightmare.
“The difficulty will be that when you have total system downtime, the number of tests will be very large. Even if you could transport samples around London to other labs how would you get the results back because they are not integrated that way?
“Urgent tests must be managed on site. No doubt they will want GPs to send urgent tests only, to manage volumes.”
Another source told the HSJ that the attack created a major problem for urgent and emergency care at the hospitals because they would not be able to access quick turnaround blood test results.
Synnovis said Wednesday it was unable to comment on the attack.
A spokesman for NHS England London region said on Tuesday that Monday’s incident had a “significant impact” on service delivery at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trust and primary care services in south-east London.
“We are working urgently to fully understand the impact of the incident with the support of the Government’s National Cyber Security Center and our cyber operations team.”
Synnovis chief executive Mark Dollar said a task force of IT experts from Synnovis and the NHS was working to fully assess the impact and what action is required.
“Unfortunately, this is affecting patients, with some activity already being canceled or diverted to other providers as urgent work is prioritized,” he said.
One patient, Oliver Dowson, 70, was being prepared for surgery from 6am on Monday 3 June at the Royal Brompton Hospital when a surgeon told him at around 12.30pm that he would not be going ahead.
He told the PA news agency: “Staff on the ward didn’t seem to be aware of what had happened, but many patients were being told to go home and wait for a new date.
“I’ve been given a date for next Tuesday and I’m crossing my fingers – it’s not the first time they’ve canceled it, they did it on May 28, but it’s probably short staffing in half term week .”
Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and she was told local centers were not accepting bookings for an “indefinite period of time”.
According to the HSJ, one senior source said it could take “weeks, not days” to access pathology results.
