NHS England has revealed that it's been forced to cancel thousands of elective procedures and outpatient appointments since the cyber attack on blood testing company Synnovis on 3 June.
Meanwhile, attacker Qilin, a Russian-speaking ransomware group, has published almost 400GB of sensitive data on Telegram and its own dark web site after failing to secure a payout from the firm. This includes patient names, dates of birth, NHS numbers and descriptions of blood tests.
At the two affected NHS Trusts, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, more than 1,294 outpatient appointments and 320 elective procedures have been postponed this week.
This brings the total to 1,134 elective procedures and 2,194 outpatient appointments since the original attack.
"Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber attack on Synnovis is continuing to have a significant impact on NHS services in South East London," said Dr Chris Streather, medical director for NHS London.
Qilin is believed to have demanded $50 million for the data, while claiming that its attack was politically motivated; it told the BBC the attack was in retaliation for the government's refusal to help in an unspecified war.
Conor Agnew, lead cyber security assessor at Closed Door Security, said while the attack may well have been conducted for political reasons, there is undoubtedly a financial motivation at play.
"Despite the actors stating the attack is politically motivated, it is most likely spurred by a desire to make money and financially benefit from the disruptions the incident is causing to patient care,” he said.
The latest leak, he added, is meant to ramp up the pressure on Synnovis to pay up, while demonstrating the highly sensitive data the Qilin now has in its possession.
Kevin Robertson, COO of Acumen Cyber, said questions still remain over how Synnovis will respond to the incident. Although authorities have been clear that negotiating with cyber crime groups is ill-advised, the frantic nature of ransomware attacks means some organizations succumb to pressure.
RELATED WHITEPAPER
"The UK government has made clear it will never negotiate with ransomware gangs, as they know this only fuels the industry. However, it’s not clear what approach a private organization like Synnovis will take. Clearly the organization is in a state of turmoil just now," he said.
"Other organizations must learn from this incident and work to harden their defenses against ransomware. These attacks are not going to go away, they are only going to increase, especially while Russia provides a safe haven for adversaries where they are celebrated for attacks, rather than penalized."
-
Cisco takes aim at AI security at RSAC with ServiceNow partnershipNews The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
Why veterans can excel in data centers – and could help the IT sector address its skill shortagesIn-depth Ex-military workers can bring software and hardware to civilian roles
-
NHS supplier hit with £3m fine for security failings that led to attackNews Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway serviceNews Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
-
Major incident declared as Merseyside hospitals hit by cyber attackNews The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
-
Ransomware group threatens to publish 3TB of stolen NHS Scotland data after posting proof of attackNews NHS Dumfries and Galloway has confirmed some of the sensitive data stolen during the 15 March attack has been published by a known ransomware operator
-
Attack on third-party software vendor disrupts NHS ambulance servicesNews The ambulance services serve more than 10 million people across the south of England
-
NHS data leak raises ‘serious questions’ about Manchester University cyber attackNews NHS patient data used for research purposes is believed to have been compromised in the June attack
-
Cyber attack on software supplier causes "major outage" across the NHSNews Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
