The UK’s National Health Service (NHS) has been left reeling in the wake of a devastating ransomware attack. The attack took place last week on June 3rd. A vulnerability in the health service’s supply chain led to a successful cyber attack against medical diagnostics company Synnovis.
The breach caused huge disruption to pathology and testing, essential services that hospitals rely on for routine diagnostics. Multiple hospitals across London were forced to suspend services. This led to postponed operations, as well as other critical delays to lifesaving care. In particular, healthcare providers have struggled to match blood to patients, as attackers made vital patient data unavailable.
Now, disruptions are expected to persist for days, or even weeks. As a result, the NHS’ delicate, complex, and absolutely mission-critical blood supply chain is at risk. The attack is believed to be the work of Russian group Qilin.
Devastated patient data
Reportedly, the disruption has resulted in the cancellation of more than 200 emergency and life-saving operations. In addition, hundreds of urgently referred appointments for suspected cancer patients were delayed and rescheduled.
Professor John Clark, Professor of Computer and Information Security at the University of Sheffield, commented: “Patient safety is of paramount concern and the accuracy of results is essential, so it is important to stress that unless it is known what has happened to the system, the accuracy of any stored data cannot be ensured. Determining whether stored data has been manipulated may simply not be possible and tests may have to be rerun and results re-recorded.”
In the wake of the successful cyber attack, multiple London hospitals experienced the knock-on effects of disruption to pathology service provider Synnovis, including King’s College hospital—a major trauma centre that treats over 450 patients per day—and Guy’s and St Thomas’.
As a result, critical decisions on patient care are currently being made by doctors without access to crucial lab results.
Bad blood (supply chain)
The attack has had a profound impact on blood transfusions and test results, leading the NHS to launch an appeal for O blood-type donations.
The blood supply chain is a particularly precarious and fast-moving operation. The process obviously starts with the blood donor and ends with it being administered to the patient. However, both supply and demand are inherently unpredictable. Not only this, but harvested blood only remains medically viable for about 35 days. These factors together limit the resilience of the blood supply chain, making it especially vulnerable to these types of disruptions.
Various external factors affect the blood supply chain, according to the International Society of Blood Transfusion. The “number of donors who are willing to donate regularly, seasonal factors affecting donation e.g. public holidays, the blood services ability to adequately predict the number of units of blood required throughout the year and to ensure that they do not overstock and therefore increase wastage, the clinicians’ awareness of appropriate blood ordering and transfusion and the hospital laboratories ability to ensure sufficient stock yet have minimal wastage” all play a role.
Particularly relevant to the current NHS crisis is the fact that the country is coming out of two bank holidays and a school half term holiday—all events which deplete the supply of blood through increased demand and disrupted collection.
The first of many?
The attack on the NHS’ supply chain partner is unlikely to be the last this year, according to experts.
Dr Christian Schroeder de Witt, Postdoctoral Research Assistant in Artificial Intelligence, University of Oxford, warned of the “possibility of such incidents occurring increasingly frequently ahead of the elections. While we do not yet seem to know who is behind these specific attacks, we do know that ransomware attacks on critical infrastructure such as hospitals are part of the playbook of hybrid warfare.”
“It is still early days, and we are trying to understand exactly what has happened,” Synnovis said in a statement. “We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”
Only a few weeks earlier, the Italian subsidiary of Synlab was badly affected by a ransomware attack. Credit for the attack was later claimed by an affiliate operating on the Black Basta ransomware-as-a-service (RaaS) platform.
RaaS is a cybercrime business model in which a ransomware group sells code or malware to other groups of hackers. These hackers then deploy it against targets like the NHS. According to IBM’s X-Force Threat Intelligence Index, ransomware was the second most common type of cyber attack in 2022. Many experts believe the rise of RaaS has played a role in keeping ransomware so prevalent.