Held to ransom: Resilience lessons on London’s hospitals cyber attack
On June 3rd, a cyber-attack hit London’s major hospitals. A ransomware attack[1] on lab pathology service Synnovis severely impacted delivery of services to their hospital partners and primary care services in south-east London. Thousands of patients are thought to be affected as hospitals were forced to cancel non-emergency patient operations and divert emergency cases elsewhere.
In an interview with BBC Radio 4’s Today programme former chief executive of the National Cyber Security Centre, Ciaran Martin, said he believed the attack was most likely carried out by a Russian cybercriminal group known as Qilin, however, this is currently unconfirmed by Synnovis.
In their official statement, Synnovis said ‘This is a harsh reminder that this sort of attack can happen to anyone at any time’ and that they are working with the National Cyber Security Centre to fully understand the incident. Experts believe it may take weeks to minimize the disruption to patient health services.
The newly released BCI Update Series: Cyber Resilience 2024 indicates that cyber-attacks have consistently risen over the past five years with 75% of organizations seeing a rise in cyber-attacks and 39.4% experiencing a successful attack over the past 12 months. Moreover, ransomware, the type of attack that crippled Synnovis, was the third most disruptive type of cyber-attack affecting businesses in 2024 and the top threat for over 90% of organizations in the next five years. As a result of cyber-attacks, healthcare and public service respondents reported unquantifiable reputational damage, IT and telecom outages, potential data breach or loss, and physical security concerns for patients.
The cause of Synnovis’ malware breach isn’t yet known, but the BCI’s report highlights human factors as the main reason for cyber disruption. Employees opening malicious emails is the main source for ransomware attacks on public service organizations, with insider threats such as data breaches from staff members taking second place.
In order to combat the increasing risk of cyber-attack, practitioners should emphasise the importance of training and exercising for all staff and highlight the potentially disastrous consequences of breaches on their organizations. They should also seek the support of top management to implement cyber resilience strategies throughout their organisations and prepare robust business continuity plans that address reputational damage, co-ordinating with internal communication departments to minimize potential fallout.
To support strong cyber resilience, the BCI’s Cyber Resilience Special Interest Group brings together topic experts so they can share their experiences and provide guidance for organizations. The intention is to leverage collective experience and explore new ideas to bring thought leadership into the cyber resilience space. Read about this proactive and skilled group here.
Citations
[1] According to the UK National Cyber Security Centre, a ransomware attack is a type of malware attack that prevents access to devices and stored data until a ‘ransom’ fee is paid. It’s a costly and disruptive cyber-attack that can lead to lengthy disruptions and permanent information loss. Certain organizations have paid out millions to avoid data losses and reputational damage after a ransomware strike.