Connect with us

Horoscope

Russian hacking gang ‘behind massive NHS hospital attack’

Published

on

Guy’s and St Thomas’ and King’s College Hospital have been forced to cancel operations (Picture: Shutterstock)

A Russian group of cyber criminals called Qilin are thought to be behind a cyber attack which forced London hospitals to cancel operations, the ex-National Cyber Security Centre chief said.

Ciaran Martin said the attack on pathology services firm Synnovis has led to a ‘severe reduction in capacity’ and ‘it’s a very, very serious incident’.

Guy’s and St Thomas’ and King’s College Hospital, which includes the Royal Brompton and the Evelina London Children’s Services, have been forced to cancel operations and divert emergency patients.

This includes transplant surgeries as the cyberattack is affecting pathology labs, which includes blood transfusions.

Qilin is understood to be a Russian cyber gang that runs a ransomware-as-a-service model.

They operate using websites on the dark web and have a history of attacking organisations across the world.

The NHS confirmed this evening that operations and blood tests remain cancelled.

Asked on BBC Radio 4’s Today programme if it is known who attacked Synnovis, Mr Martin said: ‘Yes. We believe it is a Russian group of cyber criminals who call themselves Qilin.

‘These criminal groups – there are quite a few of them – they operate freely from within Russia, they give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.

Have you been affected by cancellations? Email brooke.davies@metro.co.uk

‘They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.’

He said it is ‘unlikely’ the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to do the attack.

In an email seen by The Sunday Times, Professor Ian Abbs, chief executive officer of Guy’s and St Thomas’ NHS Foundation Trust, said an ‘ongoing critical incident’ was affecting the pathology services.



Latest London news

To get the latest news from the capital visit Metro.co.uk’s London news hub.

Ciaran Martin, the ex chief executive of the National Cyber Security Centre, said Russia is likely to be behind the attack(Picture: PA)

It reads: ‘I can confirm that out pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers.

‘The incident is also affecting King’s College Hospital NHS Foundation Trust and primary care across south east London.

‘This is having a major impact on the delivery of our services, with blood transfusions being particularly affected.

‘Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to safely carry out.’



Who are Qilin?

Qilin is understood to be a Russian cyber gang that runs a ransomware-as-a-service model.

They operate using websites on the dark web, according to Ciaran Martin, the former chief executive of the National Cyber Security Centre.

Qilin has previously targeted publishing and social enterprise group the Big Issue Group.

Reports by Computer Weekly in March suggest the hackers claimed an attack during which the company’s IT systems were broken into and confidential data was stolen.

This included information on staff, such as addresses, passport scans and payroll information.

In January, reports in Australia suggested Qilin had hacked the systems used by courts in the state of Victoria.

Hackers allegedly gained access to recordings of hearings that occurred between November and December.

Qilin also claimed an attack on Yanfeng Automotive Interiors, a major supplier of car parts headquartered in China, last year.

Some procedures have been cancelled or have been redirected to other NHS providers as hospital bosses continue to establish what work can be carried out safely.

One patient, Oliver Dowson, 70, was prepared for an operation from 6am on Monday June 3, at Royal Brompton when he was told by a surgeon at about 12.30 that it would not be going ahead.

He said: ‘The staff on the ward didn’t seem to know what had happened, just that many patients were being told to go home and wait for a new date.

‘I’ve been given a date for next Tuesday and am crossing my fingers – it’s not the first time that they have cancelled, they did it on May 28 too, but that was probably staff shortages in half term week.’

The cyberattack is affecting pathology labs, which includes bloods transfusions (Picture: Shutterstock)

A spokesman for King’s College Hospital in London confirmed it was affected by the cyber attack which is reported to have hit several NHS trusts in the capital.

The incident is thought to have occurred on Monday, meaning some departments could not connect to their main server.

In a letter to staff, King’s said the ‘major IT incident’ was having a major impact on the delivery of services, with blood transfusions particularly affected.

Some procedures have been cancelled or redirected to other NHS providers, it said.

NHS England London said: ‘The ransomware cyber-attack on Synnovis is continuing to cause disruption to services at Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and primary care providers in south east London.

‘All urgent and emergency services remain open as usual and the majority of outpatient services continue to operate as normal.

‘Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning some patients have had phlebotomy appointments cancelled.

‘We are sorry to all patients impacted and NHS staff will work hard to re-arrange appointments and treatments as quickly as possible.

‘Patients should access services in the normal way by dialling 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone. Patients should continue to attend appointments unless they are told otherwise by the clinic team.

‘NHS England has deployed a cyber incident response team, which is working round the clock to support Synnovis and provide emergency guidance, as well as coordinating with health services across the capital to minimise disruption to patient care.’

According to the Health Service Journal (HSJ), several senior sources have told it the system has been the victim of a ransomware attack.

One said gaining access to pathology results could take ‘weeks, not days’.

There are suggestions urgent and emergency care at the hospitals will be affected as they may not be able to access quick-turnaround blood test results.

Synnovis is a provider of pathology services and was formed from a partnership between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust.

Get in touch with our news team by emailing us at webnews@metro.co.uk.

For more stories like this, check our news page.


MORE : Brain size could have a major impact on autism severity


MORE : How can I help displaced people in Gaza?


MORE : This is what it was like as a child in London during the Blitz

Continue Reading