It will take ‘many months’ before the cyber attack on London hospitals is resolved

The cyber attack that is severely disrupting hospitals and GP practices in London will take “many months” to resolve, a senior NHS source has warned.

“It is unclear how long it will take for services to return to normal, but it will likely take many months,” the well-placed official said.

“The key to a return to normal will be clarity on how the hackers gained access to the system, how many records were compromised and whether these records can be retrieved,” she added.

Six NHS trusts and dozens of GP practices in south-east London, serving two million patients, have struggled to deliver many types of care normally to patients since Russian hackers infiltrated and compromised the IT system of Synnovis, a private analytics company. made unusable. blood tests.

The ransomware attack, believed to be carried out by Russian criminal gang Qilin, caused such chaos that the NHS had to declare a ‘critical incident’ last Monday. Quilin’s modus operandi is to demand money from victims in exchange for giving back access to their systems.

Trusts including Guy’s and St Thomas’ (GSTT) and King’s College have had to cancel large numbers of non-urgent operations, including cancer procedures, as well as scheduled caesarean section births, as they have been forced to ration blood tests. they do.

The NHS has not publicly given any indication of how long it will take for Synnovis to regain control of its system, from which it has been blocked by software brought in by the hackers. But the senior source’s comments represent the latest thinking from NHS leaders on the likely timescale.

Ciaran Martin, former head of the National Cyber ​​Security Centre, agreed with the NHS’s view that it could face a prolonged period of disruption.

“We should not be surprised that the time needed to fully restore services is weeks or even months. That’s pretty typical for these types of disruptive ransomware attacks,” he says.

It would be “very unusual” if NHS trusts were able to return to normal working at short notice, added Martin, who is now a professor at the University of Oxford’s Blavatnik School of Government.

“The analogy to the physical world is that it’s not so much about locking out of your house, it’s about kicking in the door, closing the door and then putting up a padlock,” he said of ransomware attacks.

In such an attack, IT systems are encrypted by the attacker and the victim is forced to rebuild their infrastructure if they do not pay for access to a decryption key. Even if the computers are decrypted, the damage can still be extensive.

NHS England’s London region is trying to cushion the impact of the attack on care provision by stepping up ‘mutual aid’ arrangements, with other trusts in the capital taking on some of the work that affected hospitals cannot do .

For example, some people with heart problems admitted to GSTT or King’s have been transferred to St George’s hospital in south-west London. There are plans to take organ transplants, which are normally carried out at King’s, elsewhere.

GPs in the six south-east London boroughs where the trusts are based have also had to dramatically scale back the number of blood tests they can order and focus only on urgent cases.

In her weekly message to healthcare leaders on Monday, NHS England chief executive Amanda Pritchard said that despite being a national healthcare service, “that does not mean we are isolated from international events and actors – whether is about pandemics, supply chains, politics or criminals.”

She added that the hack shows “how easy it is to take things for granted until they are gone or severely limited”, referring to pathology services, which “play an invisible but incredibly important role in the modern NHS”.

Typically, Qilin attacks involve the theft of data from a victim’s IT systems in addition to encryption. The data is then posted to an extortion site on the dark web if a ransom is not paid. However, as of Monday, no data had been posted to Qilin’s extortion site.

NHS England has been contacted for comment.