A Russian criminal gang specialising in ransomware-as-a-service (RaaS) is being blamed for an ongoing cyberattack that crippled four major London hospitals and local primary care this week.
The Synnovis pathology reporting system used at Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust appeared to be the victim of the ransomware attack, resulting in interruptions to many services and preventing communication with GP services across six London boroughs.
The incident did not affect urgent and emergency services and the majority of outpatient services were unaffected but some operations and procedures which rely more heavily on pathology services were postponed.
Blood testing was prioritised for the most urgent cases, meaning some patients had phlebotomy appointments cancelled.
In a statement issued the day after the attack, Synnovis said a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact the incident has had, and to take the appropriate action needed.
“We are working closely with NHS Trust partners to minimise the impact on patients and other service users,” it said.
The incident has been reported to law enforcement and the Information Commissioner, and Synnovis is working with the National Cyber Security Centre and the Cyber Operations Team on investigating the incident, Synnovis CEO Mark Dollar said.
“We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be,” Mr Dollar said.
“This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”
In an interview with the BBC Radio 4’s Today programme, former head of the UK National Cyber Security Centre, Ciaran Martin, laid the blame for the attack at the feet of the Qilin gang. The group operates out of eastern Europe and has been blamed for previous ransomware cyberattacks on healthcare and education targets.
Mr Martin told the BBC that the attack was “one of the more serious that we’ve seen in this country”.
“It’s not really a question of data in this one, it’s a question of the services,” he said. “The criminals are threatening to publish data, but they always do that. Here, the priority is the restoration of services.”
In a statement issued on Wednesday, June 5, NHS London said the attack was continuing to cause disruption to services. It apologise to all patients impacted and said NHS staff will work hard to re-arrange appointments and treatments as quickly as possible.
Synnovis, formerly known as Viapath, is a partnership between pathology provider SYNLAB and the two NHS trusts.
It completed a go-live of a new laboratory information management system (LIMS) in 2023 to consolidate existing lab systems into one provided by Epic, as part of the £450 million Epic EPR go-live at Guy’s and King’s College that year.