Russian cyber criminal gang behind ransomware attack on London hospitals that forced cancellation of major surgeries

5 June 2024, 10:11

Russian cyber criminal gang behind ransomware attack on London hospitals that forced cancellation of major surgeries
Russian cyber criminal gang behind ransomware attack on London hospitals that forced cancellation of major surgeries. Picture: Alamy

By Christian Oliver

Russian cyber criminals are behind a ransomware attack affecting London's hospitals that has prevented patients from undergoing major surgeries and blood transfusions.

Listen to this article

Loading audio...

A "critical incident" has since been declared that has led to a "severe reduction in capacity" since the attack midday Monday.

Memos to NHS staff at King's College Hospital, Guy's and St Thomas', the Royal Brompton and the Evelina London Children's Hospital, as well as primary care services in the capital, said there had been a "major IT incident".

Former chief executive of the National Cyber Security Centre Ciaran Martin said the Russians were behind the attack which targetted London's NHS services though pathology firm Synnovis.

"We believe it is a Russian group of cyber criminals who call themselves Qilin," Mr Martin said.

Ciaran Martin during an international panel discussion on global cyber issues in Glasgow.
Ciaran Martin during an international panel discussion on global cyber issues in Glasgow. Picture: Alamy

Read More: King and Queen join veterans to mark 80th anniversary of D-Day as commemorations begin in England and France

Read More: LIVE: King Charles to join veterans at D-Day 80th anniversary commemorations

"These criminal groups - there are quite a few of them - they operate freely from within Russia, they give themselves high-profile names, they've got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world," he told BBC Radio 4's Today Programme.

"They've done automotive companies, they've attacked the Big Issue here in the UK, they've attacked Australian courts. They're simply looking for money."

He said it is "unlikely" the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to do the attack.

He added: "There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn't released, but this case is different. It's the more serious type of ransomware where the system just doesn't work.

"So, if you're working in healthcare in this trust, you're just not getting those results so it's actually seriously disruptive. "This type of ransomware has affected healthcare all over the world.

"It's particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people's healthcare. So it's really one of the more serious that we've seen in this country."

He said the Government has a policy of not paying but the company would be free to pay the ransom if it chose to. Regarding patient data, he said: "It's not really a question of data in this one, it's a question of the services.

"The criminals are threatening to publish data, but they always do that. Here the priority is the restoration of services."

Ambulance Entrance of A&E at King's College Hospital, London
Ambulance Entrance of A&E at King's College Hospital, London. Picture: Alamy

Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust.

Some procedures and operations at the hospitals have been cancelled or have been redirected to other NHS providers as hospital bosses establish what work can be carried out safely.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack. Synnovis said the incident has been reported to law enforcement and the Information Commissioner.

Health Secretary Victoria Atkins said on Wednesday that her "absolute priority is patient safety".

On social media site X, formerly Twitter, Ms Atkins wrote: "Throughout yesterday I had meetings with NHS England and the National Cyber Security Centre to oversee the response to the cyber attack on pathology services in south-east London.

"My absolute priority is patient safety and the safe resumption of services in the coming days."

The Health Service Journal (HSJ) reported one senior NHS manager saying: "It's everyone's worst nightmare. The difficulty will be that when you have total system downtime, the volumes of tests will be huge. Even if you could transport samples around London to other labs how would you get the results back as they are not integrated in that way?

"Urgent tests will have to be managed onsite. They will no doubt be asking GPs to send urgent tests only, to manage volumes."

Another source told the HSJ the attack presented a huge problem for urgent and emergency care at the hospitals as they would not be able to access quick-turnaround blood test results.

Synnovis said on Wednesday it was unable to comment further on the attack but confirmed a taskforce of IT experts from the firm and the NHS were working to fully assess the impact and what action is needed.

A spokesman for NHS England London region said on Tuesday that Monday's incident was "having a significant impact" on the delivery of services at Guy's and St Thomas', King's College Hospital NHS Foundation Trust and primary care services in south-east London.

More Latest News

See more More Latest News

A burnt out car in the Leeds suburb of Harehills, after vehicles were set on fire and a police car was overturned as residents were warned to stay home following an outbreak of disorder on Thursday evening. Picture date: Friday July 19, 2024.

Man charged with arson after bus set on fire in Leeds riots over children allegedly removed from local family

Craig Revel Horwood has said the recent allegations have come as a 'shock' to him

Strictly Come Dancing judge Craig Revel Horwood breaks silence after 'shock' of dancing show's abuse allegations

A series of Israeli strikes have been launched against the Houthi-controlled port city of Hodeidah in Yemen

Israel launches series of air strikes on Houthi-controlled city in Yemen day after group claim deadly attack on Tel Aviv

Jay Slater and his mum, Debbie Duncan

Jay Slater's GoFundMe page hits £70k after teen's mum appeals for funeral donations

Holidaymakers have been left stranded during global IT outage

'We're not being given any information': Furious holidaymaker stranded in Rhodes tells of travel hell after IT outage

A burnt out car in the Leeds suburb of Harehills, after vehicles were set on fire and a police car was overturned as residents were warned to stay home following an outbreak of disorder on Thursday evening. Picture date: Friday July 19, 2024.

Further unrest in Leeds as hundreds take to streets to 'demand return of children' allegedly removed from local family

NHS England has warned of "continued disruption" to GP services into next week.

NHS warns of GP disruption after global IT outage as trains, planes and roads remain in chaos leaving Brits stranded

Planes, trains and roads have been hit by travel chaos following Friday's IT outage.

Holiday hell: Trains, planes and roads in chaos after global IT outage - with thousands of Brits stranded abroad

Graham Gomm

Prisoner who escaped custody at HMP Wormwood Scrubs during hospital trip is arrested following manhunt

Charles and Camilla attend the King's Parade outside Pomme d'Or Hotel, Liberation Square in St Helier, Jersey

Charles and Camilla 'rushed to safety by security' after suspect 'spotted on roof' just days after Trump rally shooting

A highway bridge collapsed in northwest China.

At least 12 people dead and more than 30 missing after China bridge collapses due to flooding

Ray Reardon has died

Snooker legend Ray Reardon dies aged 91 after cancer battle

Steve Baker and Tom Tugendhat

Top Tory reveals why he is backing Tom Tugendhat to 'put the party back together' as leader

The National Lottery site and app is down

National Lottery down as users unable to access site and app day after global IT outage

Thousands of flights were cancelled across the globe on Friday.

Travel misery continues as global IT outage 'could take weeks to clear' - with over 5,000 flights cancelled worldwide

Nadiya Bychkova allegedly made a complaint to Strictly bosses

Strictly pro Nadiya Bychkova breaks silence over 'complaint' amid misconduct scandal