Critical NHS Hospital Appointments Cancelled After Synnovis Cyber Attack

London's major hospitals are still feeling the aftershocks of a cyber attack that struck key pathology service provider Synnovis last month.

Officials report that over 6,300 appointments and procedures have been postponed at King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust since the attack on June 3rd.

Synnovis is a vital lab service that processes blood tests and other diagnostic analyses for NHS organizations in southeast London. The disruption caused by the ransomware attack significantly impacted the hospitals' ability to deliver services.

Hospital officials report that most services are now functioning at "near normal" levels. This indicates significant progress has been made in restoring functionality after the cyber attack.

However, there's still a road to recovery for pathology services, which remain at only 54% of their pre-attack capacity.

Pathology services encompass crucial tests like blood work and tissue analysis, forming the backbone for many diagnoses and treatment plans. Reduced capacity in this area could lead to delays in delivering critical healthcare services.

Read:  Patient Data Leaked Following Change Healthcare Cyber Attack

On July 1st Synnovis released a statement confirming that "almost all Synnovis IT systems were affected by this criminal attack, impacting everything from our analysers" ability to identify and process incoming samples, through to the actual transmission of test results."

"They go on to explain that ‘many of these processes have had to revert to paper and manual, rather than electronic, protocols which has significantly affected capacity and delivery timeframes."

Who is behind the Synnovis Cyber Attack?

The culprit is suspected to be a Russian cybercriminal group called Qilin. The cyber-criminal group, shared almost 400GB of information on their darknet site on Thursday night. 

Qilin is a relatively new cybercriminal group, believed to have emerged in October 2022. They are thought to be a Russian-speaking group, though their location remains unknown.

They have primarily targeted high-value organizations including healthcare, education and publishing. Their attacks usually involve ransomware, a type of malware that encrypts a victim's data and demands a ransom payment for decryption.

Qilin reportedly uses multiple ransomware variants, including Golang and Rust, with the Rust version being particularly sophisticated 

The gang initially threatened to leak this information in order to extort money from Synnovis in a huge ransomware attack. 

NHS England have said that there is currently "no evidence" that test results have been published, but that "investigations are ongoing".

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry.

While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated,” reads a statement released by CEO of Synnovis, Mark Dollar.

A sample of the stolen data reveals that it included sensitive information like patient names, dates of birth, NHS numbers, and even descriptions of blood tests. Cybersecurity expert Ciaran Martin called this attack "one of the most significant and harmful cyber attacks ever in the UK," emphasizing the seriousness of the data breach and its potential impact on patients. 

The stolen data also included business account spreadsheets outlining financial arrangements between hospitals, GP services, and Synnovis. 

Qilin were able to infiltrate the Synnovis computer systems and encrypt vital information used by the NHS, making IT systems completely useless.

What to do if you are a victim of the Synnovis Cyber attack?

If you are concerned that your data has been compromised in the Synnovis cyber attack the NHS has set up a helpline specifically for people impacted by the attack. You can call them at 0345 8778967 to ask about your data and receive support.

However, it’s important to be wary of phishing attempts: Scammers may try to capitalize on the attack by sending emails or making calls pretending to be the NHS or Synnovis. Don't click on any suspicious links or attachments in emails, and never give out personal information over the phone unless you're absolutely certain of the caller's identity.

While the stolen data appears to be primarily personal information, there might be a risk of identity theft. You can consider enrolling in a credit monitoring service to be alerted of any suspicious activity on your accounts.

Keep an eye out for updates from the NHS and Synnovis via official channels regarding the investigation and the data involved. This will help you understand the potential risks and take necessary precautions.