Russian Hackers Blamed As Ransomware Impacts London Hospitals

Former NCSC boss Ciaran Martin identifies Russian cybercriminals behind a ransomware attack that impacted London hospitals

The former and founding head of the National Cyber Security Centre (NCSC), Ciaran Martin, has said Russian cybercriminals were behind a ransomware attack that impacted a number of NHS hospitals in London.

On Tuesday, major London hospitals had to cancel operations and blood transfusions after being hit by a cyberattack that began on Monday and resulted in them declaring a “critical incident”, the Guardian reported.

It was reported that seven hospitals run by two NHS trusts suffered serious disruption to their services, including Guy’s, St Thomas’ and King’s College, as well as the Evelina children’s hospital, the Royal Brompton and Harefield specialist heart and lung hospitals, and the Princess Royal hospital in Orpington.

Synnovis compromise

The disruption stemmed from a ransomware attack on Synnovis, a private company that analyses blood tests for these hospitals.

Synnovis CEO Mark Dollar issued a statement on Tuesday, confirming the cyberattack.

“On Monday 3 June, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB – was the victim of a ransomware cyberattack,” wrote Dollar. “This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.”

“It is still early days and we are trying to understand exactly what has happened,” wrote Dollar. “A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.”

“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised,” Dollar added. “We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected.”

“We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be,” said Dollar. “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

Dollar said that the incident has been reported to law enforcement and the Information Commissioner, and Synnovis is working with the National Cyber Security Centre and the Cyber Operations Team.

Russian hackers

On Wednesday, former NCSC boss Ciaran Martin spoke to BBC Radio 4’s Today programme about the ransomware attack, and identified the Russia-based criminal hacking group Qilin as being responsible.

“This is one of the most unpleasant & impactful cyber incidents in the UK in recent years,” said Martin.

He added the attack had led to a “severe reduction in capacity” and was a “very, very serious incident”.

When asked if it was known who attacked Synnovis, Martin replied: “Yes. We believe it is a Russian group of cybercriminals who call themselves Qilin.”


Martin said that Russia has a number of criminal groups that operate freely within that country, and Qilin has a two-year history of attacking various organisations across the world.

“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money,” he told the BBC.

Martin said it was unlikely the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to carry out the attack.

“There are two types of ransomware attack,” he said. “One is when they steal a load of data and they try and extort you into paying so that isn’t released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.

“So, if you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.”

Last week Ciaran Martin said that a recent US warning that China is targeting key infrastructure should be taken more seriously.