NHS cyber-attack | What is the latest news?

Updated 21st June 2024

Data from the ransomware attack was published by the cyber criminals Qilin overnight on Thursday 20th June. The group was attempting to extort money from NHS provider Synnovis, stating that the data would be published unless they were paid. Almost 400gb of the private data, including patient names, dates of birth, NHS numbers and descriptions of blood tests was shared on the group’s darknet site and Telegram channel. The NHS has stated to the BBC that they are aware of the publication, but could not be sure the shared data was real.

Synnovis stated “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.”

The NHS has posted an update on the incident covering the attack, its impact, and their actions. They have notably released data that, during the first week after the attack (3-9 June), more than 800 planned operations and 700 outpatient appointments needed to be rearranged.

Updated 10th June 2024

The ransomware attack has led to delays in the affected hospitals matching patients’ blood types for transfusions. Due to this delay, the hospitals need to use O-type blood, which is safe for all patients. As a knock-on affect of the attack, more units of O-type blood are now needed than usual, forcing the NHS to appeal for additional donations.

Medical director for NHS England, Professor Stephen Powis, said: “NHS staff are continuing to go above and beyond to minimise the significant disruption to patients following the ransomware cyber-attack on Synnovis earlier this week. To help London staff support and treat more patients, they need access to O-negative and O-positive blood.”

Updated 6th June 2024

Former National Cyber Security Centre Chief Executive Ciaran Martin told the BBC they believe a Russian hacking group is behind the attack. In an interview with BBC Radio 4’s Today programme, he stated ‘We believe it is a Russian group of cyber criminals who call themselves Qilin.’

The National Cyber Security Centre continues to investigate the attack alongside NHS officials.

Updated 5th June 2024

In a press release from Synnovis, CEO Mark Dollar has stated ‘On Monday 3 June, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB – was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.’

They also noted that ‘The immediate impact is on patients using NHS services within the two partner hospitals, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs’.

A spokesperson from Hyve Managed Hosting commented in TechRound ‘This attack on major London hospitals highlights the issues that can arise when an organisation fails to diversify their digital infrastructure. In this case, when NHS pathology partner, Synnovis, was hit by a cyber attack, it had a major impact – not only on digital operations, but on the delivery of patient care and services, including major surgeries being postponed.’

Updated 4th June 2024

In a developing situation, many NHS hospitals have had services disrupted by the major cyber-attack. The incident is understood to have been a ransomware attack on Synnovis, an outsourced provider of lab services to NHS trusts across south-east London. The private firm has shut off connections to their servers to limit the risk of the infection spreading, meaning hospitals are unable to access services.

Affected hospitals identified so far include Guy’s, and St Thomas’ NHS trust, with further locations expected to announce issues. Blood transfusions have been particularly impacted, with a number of procedures cancelled or rescheduled.

NHS England have declared a level three incident – the second highest alert level. A senior NGS source told The Independent that the incident could take weeks or months to resolve.