Three NHS hospitals in London have been forced to divert ambulances and cancel operations after being hit by a cyber attack.
The attack has so far affected a number of trusts in the British capital, with Guy’s and St Thomas’ and King’s College Hospital among those disrupted by the attack.
The attack is apparently hitting pathology services, according to an email from Professor Ian Abbs, CEO of Guy’s and St Thomas’ NHS Foundation Trust, seen by The Sunday times (through Subway).
Canceled transplants and major surgeries
The letter states: “I can confirm that our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means we are currently disconnected from Synnovis IT servers.”
The letter goes on to explain that primary care across South East London is being affected, with blood transfusions taking a significant hit from the attack. The letter also stated that an incident response team is investigating the attack.
Commenting on news of the attack, Trevor Dearing, director of critical infrastructure at Illumio, said: “NHS systems are a prime target for cybercriminals because one small breach can affect multiple entities. This is another example of why mitigating breaches is paramount: mitigating attacks at the point of entry can dramatically reduce the impact of a breach.”
“The ‘chaos factor’ of causing mass civil unrest is now the driving force behind many cyber attacks, and healthcare is one of the few industries where cyber attacks can have a fatal impact on human life,” Dearing continued.
“It is no surprise that the attacker gained access to the network through an external IT supplier. Many healthcare organizations depend on the operation of these systems, and as we saw with the Capita IT attack, hitting these providers can have major consequences.”
“This is another example of the importance of supply chain security and why hospitals must ensure security controls extend to their third-party software vendors. Cybercriminals will always go after the weakest link to gain access to more valuable systems. That’s why it’s important to implement a Zero Trust approach. “Based on the mantra of ‘never trust, always verify,’ healthcare organizations can tightly control access to critical systems and prevent unauthorized entities from gaining access,” Dearing concludes.
The attack, which is believed to have taken place on Monday, comes weeks after NHS England released data showing that the British public has no confidence at all in NHS cyber security.