2024-09-10 at 7:33 am #45449
Aung Thura Htoo
Participant
1. Brief Description of the Attack:
It is a case of a ransomware attack targeting a company named “Synnovis” that offers pathology tests like blood tests and had partnered with other major healthcare organizations in June 2024. The attackers locked their systems and made them unusable until they paid the ransom. Two of the largest heart and lung centers, known as Royal Brompton and Harefield hospitals, were affected, and other partners in South East London, like King’s College Hospital, were also affected by this attack. The attack led to the disruption of hospital services, such as appointments being canceled and redirected. The major impact was on the trauma cases, leading to critical patients receiving only urgent blood components. It was declared a major incident. The Synnovis CEO has also issued a statement acknowledging being attacked, how people who are affected are upset, and how they are handling the issue.
2. Impact and Consequences:
The major impact of the attack was the disruption of healthcare services, especially those related to pathology services. Patients who needed to take blood tests for blood transfusion experienced their appointments being cancelled or redirected. But the major impact was on the emergency trauma cases. Those who critically needed blood transfusion in those cases were only given urgent blood components due to the inability to perform blood transfusion tests. It increased the burden on some hospitals as they had to handle extra patients redirected because of the attack, stretching their limited resources. According to NHS (2024, September), 10,129 acute outpatient appointments and 1,702 elective procedures have been postponed. Additionally, they experienced a shortage of certain types of blood supply.
3. How It Happened:
The data breach was carried out by a group of hackers named “Qilin”, who injected ransomware into the system of Synnovis and locked it (Martin, 2024). As a result, services of Synnovis, such as pathology services like blood tests, were disrupted, and their partners, including the NHS, could not use the vital blood tests that are important for various treatments. They even published some data from the system of Synnovis (NHS, 2024, June), and kept the system locked until Synnovis paid the ransom.
4. The Main Cause:
The main cause of the attack was “Ransomware”. It is still unclear how they injected ransomware into the system, but it is clear that they wanted ransom in exchange for the data. They even published some patients’ data on the dark site. A group named “Qilin” was the assailant behind the Synnovis cyber-attack. Another reason why they could inject ransomware into the system was that the NHS was still using aging IT infrastructure, according to Scroxton (2024) from Computer Weekly. This led to many vulnerabilities, resulting in hackers gaining access to the system and making it unusable.
5. Ways to Prevent:
Regular Update on IT-infrastructure: One of the reasons why the attackers were able to inject ransomware was due to the aging nature of IT infrastructures. Therefore, updating the IT infrastructure periodically or as needed would strengthen their IT infrastructure.
Regular Training of Staff on Cybersecurity: It is an important step to train staff in Synnovis and NHS about cyber security regularly. Since the ways used by attackers are becoming more and more complex, it is important that staff who have authorized access to systems and sensitive data should be well-informed and well-trained about the means and methods used by attackers.
Regular Risk Assessment: It would be a great strategy to assess the risks and vulnerabilities associated with the system regularly. I understand they have some sort of risk assessment, but it should be more strict and regulated.
Disaster Recovery Strategies and Plans: According to NHS (2024, September), 10,129 acute outpatient appointments and 1,702 elective procedures have been affected. This means that they do not have well-planned disaster recovery strategies and plans. Even though they are responding to the incident in a timely manner, it would have been less severe if there had been proactive measures outlined in the disaster recovery plan.
References
Martin, A. (2024, June 4). Critical incident declared as ransomware attack disrupts multiple London hospitals. The Record by Recorded Future News. https://therecord.media/london-hospitals-ransomware-attack-critical-incident-declared.
NHS England. (2024, June 24). Synnovis cyber-attack: Statement from NHS England. NHS England. https://www.england.nhs.uk/2024/06/synnovis-cyber-attack-statement-from-nhs-england-24-june/.
NHS England. (2024, September). Latest media statement on Synnovis cyber-attack. NHS England London. https://www.england.nhs.uk/london/synnovis-ransomware-cyber-attack/latest-media-statement-on-synnovis-cyber-attack/.
Scroxton, A. (2024, July 8). Synnovis attack highlights degraded, outdated state of NHS IT. Computer Weekly. https://www.computerweekly.com/news/366592754/Synnovis-attack-highlights-degraded-outdated-state-of-NHS-IT.
-
2024-09-16 at 5:17 am #45484
Cing Sian Dal
Participant
The disaster recovery plan is an important aspect. When an accident happens, we end up blaming what has caused it. At least, the disaster recovery plan should be prepared. I am curious about the risk assessment process, such as who is responsible for identifying and evaluating potential threats and how we can ensure the assessment plan is robust for different scenarios.
-
2024-09-17 at 2:13 pm #45537
Aung Thura Htoo
Participant
Hello Cing, yes, the most responsible team in assessing the risks and vulnerabilities would be the cybersecurity team along with the IT staff of the company. Regular training and capacity building can also enhance the recognition of different attack scenarios.
-
-
2024-09-16 at 6:55 pm #45524
Aye Thinzar Oo
Participant
As for ransomware attacks, I faced a ransomware attack in Feb 2021 on my physical server running the Windows operating system. But the Linux server was not affected. I learned lessons from those experiences. But I had a backup plan, which is why I could restore all databases and applications in time at another location. A backup plan is an effective way of recovering from a ransomware infection. So back up data regularly to offline storage or a secure cloud services platform.
-
2024-09-17 at 2:19 pm #45538
Aung Thura Htoo
Participant
Thank you, Aye, for highlighting the significance of having a backup plan. Yes, it was a great plan to have a backup as disaster recovery. Your experience is a good example of how a backup and a recovery plan save a system from having further consequences.
-
-
2024-09-17 at 7:08 pm #45547
Wannisa Wongkamchan
Participant
Your report suggests good ideas to prevent attacks, like updated systems and staff training. Another way to protect themselves could be stronger passwords and multi-factor authentication (MFA). This makes it harder for hackers to break into computer systems.
-
2024-09-19 at 12:15 pm #45583
Aung Thura Htoo
Participant
Thank you for your suggestion, Wannisa.
-
-
2024-09-22 at 12:32 pm #45617
Saranath
Keymaster
People and system vulnerabilities are the main weak points that lead to ransomware attacks.