A ransomware attack targeting Synnovis, a provider of pathology and diagnostic services, has disrupted healthcare services at several major NHS hospitals in London.
Although Synnovis has not yet released a public statement about the June 3 ransomware attack, memos from partner hospitals indicate that this "ongoing critical incident" has significantly impacted healthcare services across southeast London.
Professor Ian Abbs, CEO of Guy's and St Thomas' NHS Foundation Trust, commented, "Our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers. This is having a major impact on the delivery of our services, with blood transfusions being particularly affected. Some activity has already been cancelled or redirected to other providers at short notice as we prioritize the clinical work that we are able to safely carry out."
Hospitals affected by the attack include King's College Hospital, Guy's Hospital, St Thomas' Hospital, Royal Brompton Hospital, and Evelina London Children's Hospital.
An NHS UK spokesperson stated, "Emergency care continues to be available, so patients should access services in the normal way by dialing 999 in an emergency and otherwise using 111, and patients should continue to attend appointments unless they are told otherwise. We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team."
Due to the inability to perform certain procedures safely, some hospitals have had to cancel or redirect healthcare procedures, including surgeries. Urgent and emergency care services are also likely to be affected since quick-turnaround blood test results are no longer available.
An alert on Synnovis' customer service portal warns of issues at its data center, rendering all systems currently inaccessible.
The history behind Synnovis
Synnovis, previously known as Viapath and established as GSTS Pathology in 2009, rebranded in October 2022. It is a partnership between SYNLAB UK & Ireland, Guy's and St Thomas' NHS Foundation Trust, and the King's College Hospital NHS Foundation Trust.
In late April, Synlab Italia, part of the SYNLAB group operating 380 labs and medical centers across Italy, suspended all medical diagnostic and testing services after shutting down its IT systems to contain a ransomware attack. Additionally, in March, the Dumfries & Galloway NHS health board in Scotland experienced a ransomware attack.
Although the INC Ransom extortion gang behind the breach didn't encrypt any systems, they leaked approximately 3TB of stolen patient and staff personal information on their dark web leak site on May 6 after the NHS board refused to interact with them and ignored their ransom demands. However, the attackers failed to access patients' health information stored on a separate system that remained secure during the attack.
NHS Dumfries & Galloway reported on May 21 that "services have continued to run as normal. No patient appointments or operations have had to be cancelled or rescheduled."
Can this be avoided?
While it is impossible to guarantee that ransomware attacks can be completely avoided, implementing robust cyber security measures can significantly reduce the risk. Having comprehensive processes and procedures in place, such as regular system updates, employee training, and network monitoring, can help prevent attacks like the one on Synnovis.
Alongside robust security measures being put in place, a well-prepared incident response plan is crucial for minimising damage and ensuring a swift recovery when breaches do occur. By focusing on proactive security strategies and preparedness, organisations can better protect themselves against the growing threat of ransomware.
