The National Health Services (NHS) of England says several major hospitals in London were forced to divert patients and cancel services on Tuesday in the wake of an ongoing cyberattack on a third-party lab provider.
The King’s College teaching hospital, along with Guy’s and St. Thomas’ hospitals, Evelina London Children's Hospital, and Royal Brompton have all been affected, according to local media reports.
“On Monday June 3rd, Synnovis, a provider of lab services, was the victim of a ransomware cyberattack,” the NHS London said in a statement sent to Cybernews.
“This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast London, and we apologize for the inconvenience this is causing to patients and their families,” the NHS said.
Synnovis is the primary pathology lab used in partnership with SYNLAB and the NHS Foundation Trust facilities and is considered one of the largest pathology service providers in the UK.
Synnovis CEO Mark Dollar released an official statement on its website Tuesday, stating the attack has “affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.”
The CEO also stressed that the lab takes its “cybersecurity very seriously” and “invests heavily” in its IT infrastructure.
“This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect,” the Dollar said.
It's being reported that the attack has left the hospitals unable to connect to Synnovis IT servers.
“Regrettably this is affecting patients, with some activity already canceled or redirected to other providers as urgent work is prioritized,” Synnovis stated.
The UK's Metro news outlet reported that due to the delay in delivering timely test results and diagnostic services, many surgical operations are being canceled, including all transplant surgeries, due to a lack of blood transfusions.
“Being in a situation where patients can’t receive life-saving blood transfusions because the hospital isn’t equipped to defend against cyber attacks is simply unacceptable; the NHS is in critical condition without the threat of cyber warfare,” said Andrew Whaley, Senior Technical Director of Norway-based cybersecurity firm Promon.
Whaley said that healthcare organizations caring for millions of people should never have to find themselves struggling to carry out their primary function of 'saving lives' due to an IT issue.
Healthcare sector is prime target
According to the NHS, emergency services continue to operate, although some patients have reported staff being unsure of what was happening.
Other reports stated that some patients are being redirected to other hospitals, while others are being sent home to wait further scheduling instructions.
Meantime, the NHS said it is “working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.”
So far, it’s not clear what caused the breach, or if any specific threat actor is behind it.
Ransomware attacks on the healthcare industry as a whole have increased significantly over the past year. Whaley attributes the uptick to “lives on the line.”
“While no sector is invulnerable to these attacks… healthcare providers have proven time and time again that they’re the most willing to pay a ransom following these incidents," Whaley said.
“Bad actors know this and smell blood in water,” he added.
Whaley pointed out that the rise in state-sponsored cyberattacks combined “with the further digitization of the NHS paints a pretty grim picture for the defensive capabilities of the British healthcare sector… and possibly a warning sign of much larger attacks to come.”
The NHS said it will continue to provide updates for local patients and the public about the impact on services and how they can continue to get the care they need.
Your email address will not be published. Required fields are markedmarked