NHS and Tech Company Collaborating to Investigate Alleged Data Breach Online
The hack impacted software used by hospitals to match patients with their correct blood types, causing delays in operations and appointments.
The NHS and tech firm Synnovis are currently investigating allegations that a cybercriminal group has shared data online that was obtained after a ransomware attack on several London hospitals.
In a statement on Friday, NHS England acknowledged that hackers had released data on Thursday night claiming it belonged to Synnovis and was stolen in the attack.
The health authority is collaborating with Synnovis, the National Cyber Security Centre (NCSC), and others to swiftly assess the content of the leaked files, including whether it pertains to NHS patients.
Synnovis, a provider of pathology services to multiple southeast London hospitals, stated on Friday that they are taking the situation seriously and have begun analyzing the data.
On June 3, hackers launched a ransomware attack on Synnovis, affecting IT systems at Guy’s and St. Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, the Royal Brompton, and Evelina Children’s Hospital.
Operations and Appointments Affected
The ransomware attack disrupted hospitals’ ability to match patients with their correct blood types, leading to the rescheduling of operations and blood tests. This prompted an urgent appeal from the NHS for individuals with “universal” O blood types to donate.
Related Stories
The NHS has indicated that donations will be crucial in the coming weeks to maintain services, as the impact of the attack is likely to persist. Urgent and emergency services are operating as normal.
According to a recent update by the NHS, while most planned activities proceeded as scheduled, thousands of appointments and operations had to be rescheduled.
Between June 10 and 16, over 1,294 outpatient appointments and 320 elective procedures were postponed at the King’s College Hospital NHS Foundation Trust and Guy’s and St. Thomas’ NHS Foundation Trust due to the attack.
NHS London’s medical director Dr. Chris Streather noted, “While some services are nearing normal levels and there has been a reduction in the number of postponed operations, the Synnovis cyber-attack continues to significantly impact NHS services in South East London.”
Dr. Streather mentioned that mutual aid agreements between NHS labs have started to positively impact primary care providers by increasing the availability of blood tests for critical cases.
Cyber Crime Gang Leader Sanctioned
A ransomware attack is a type of malware that prevents users from accessing data, with hackers demanding a ransom to restore access or avoid sharing the data publicly.
The NCSC and the National Crime Agency identified LockBit as the primary ransomware threat to the UK, having targeted over 200 British businesses and public service providers.
Ransomware attacks, however, represent a relatively low percentage compared to other forms of digital attacks and hacking attempts in certain sectors.
The most common breaches were phishing attacks, followed by criminals impersonating organizations in emails, viruses/spyware/malware (excluding ransomware), and hacking or attempted hacking of bank accounts.
PA Media contributed to this report.
