NHS hospitals in London have been disrupted following a ransomware attack on laboratory services provider Synnovis. This has impacted primary care services and blood transfusion. The consequences for blood donor matching are especially acute and the attack has put lives at risk and King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and the Evelina London Children’s Hospital) and primary care services in London declared a critical incident after the IT attack.
According to The Guardian, six NHS trusts and scores of general medical practices in south-east London, which serve 2 million patients, have been struggling to deliver many types of care.
The attack is thought to be by the Qilin gang, a network of Russian cybercriminals. It is not yet clear how long the disruption will last.
The NHS has launched an urgent appeal for O blood-type donors following the ransomware attack. Blood from universal donors is the best hope for those needing a blood transfusion, without the capability to match for a specific blood group.
Following this news, Kevin Kirkwood, Deputy CISO at LogRhythm explains to Digital Journal about the attack and the repercussions of ransomware on the healthcare sector.
Kirkwood begins by explaining just why the attack has been so disruptive: “The interconnected nature of modern healthcare systems, coupled with reliance on third-party providers, poses significant risks to healthcare providers, as recently evidenced by the ransomware attack on Synnovis.”
Second Kirkwood reiterates the impact of the cyberattack and the range of health services affected: “The repercussions of this ransomware attack extend beyond operational and financial disruptions. It compromised blood transfusion IT systems, directly impacting and endangering patient health.”
Kirkwood also says: “This not only highlights the immediate impact of ransomware attacks on healthcare facilities but also erodes public trust in the very institutions responsible for safeguarding our health and well-being.”
The last comment is a little emotive, given the affection that the general public hold for the NHS in the UK. Nonetheless, the interconnected nature of healthcare IT systems shows the extent of damage that can be caused by cyberactivity.
In terms of lessons to be learnt, Kirkwood advises: “Traditional reactive approaches are no longer sufficient to mitigate these threats. Healthcare providers need to implement robust security measures that encompass not just their own systems but also those of their third-party partners.”
As a future safeguard, Kirkwood says: “This includes continuous monitoring, regular security assessments, and comprehensive incident response plans.”
He concludes: “By adopting these strategies, healthcare organizations can better protect their critical infrastructure and, most importantly, ensure the safety and trust of their patients.”