London’s NHS hospitals are returning to paper records after a cyber attack
A cyber attack believed to have been carried out by a Russian group has forced London’s NHS hospitals to revive long-dismissed paper record systems in which porters manually deliver blood test results as IT networks have been disrupted.
Guy’s and St Thomas’ Trust (GSTT) have gone back to using paper, instead of computers, to receive the results of patients’ blood tests.
Synnovis, which analyzes blood tests for GSTT, is still at work despite being hit by a large-scale ransomware attack on Monday that has caused serious problems for the NHS.
A GSTT clinical staff member said: “Since the attack, Synnovis have had to print out blood test results when they receive them from their laboratories, which are on site at Guy’s and St Thomas.
“Porters collect them and take them to the department where the patient is staying or (to the) relevant department responsible for their care. The doctors and nurses involved in their care then analyze them and decide on that person’s treatment depending on what the blood test shows.
“This is happening because Synnovis’ IT cannot communicate with ours due to the cyber attack. Normally the blood results are sent electronically, but that is not an option now.”
The revelation came as more details emerged about the impact of the latest hacking incident at the NHS, which Ciaran Martin, the former chief executive of the National Cyber Security Center, said was carried out by Russian cybercriminals.
The attack, believed to be carried out by the Qilin gang, has forced seven London hospitals run by GSTT and King’s College Trust to cancel an undisclosed number of operations, blood tests and blood transfusions and declare a “critical incident”. Together the trusts provide acute and various specialist care to 2 million people in six south-east London boroughs.
The Guardian can reveal that – despite previous denials – the hack has also affected South London and the Maudsley (Slam) trust, the largest mental health provider in England.
Prof. Ian Abbs, CEO of GSTT, said in a letter to trust staff on Tuesday evening that the “very significant incident” “had a major impact on the delivery of services at our trust, King’s (trust) and primary care services in South Africa. -East London”.
Dozens of GP practices in the region have also had the opportunity to request blood tests and receive affected results, sources said.
Abbs said a wider range of services had been affected than those the NHS had recognised. “It also impacts other hospitals, community and mental health services in the region,” he added, referring to the Slam Trust.
Martin said the attack on Synnovis had led to a “severe reduction in capacity” and was a “very, very serious incident”.
Russia-based cyber hackers have “attacked car companies, they have attacked the big issue here in Britain, they have attacked Australian courts. They are just looking for money,” he added.
Meanwhile, a leading IT security expert warned that the attack could mean that blood test results used by the NHS to guide patient care have been “tampered”.
John Clark, professor of computer and information security at the University of Sheffield, said: “Patient safety is of paramount importance and the accuracy of results is essential. So it is important to emphasize that unless it is known what happened to the system, the accuracy of stored data cannot be guaranteed.
“Determining whether stored data has been tampered with may simply not be possible and tests may need to be re-run and results re-recorded.”
Hackers could also cause chaos for NHS trusts by attacking their appointment booking systems, he warned.
The outsourcing to companies of more and more functions previously performed by government departments and agencies has increased the latter’s vulnerability to cyber hacking, he said. “Many services are outsourced by government agencies, including the NHS,” Clark said. “Connectivity to such external systems radically increases the number of entry points for attacks on services and the systems that combine them.”
A separate source confirmed to The Guardian that the Qilin group was the attacker. It is understood there is no indication the attack has spread, despite Synnovis having contracts with other NHS trusts across the country.
Martin said the attack appeared to have been carried out as disruptively as possible in an attempt to secure a ransom.
“It seems like a targeted operation designed to hurt so they have to pay,” he said.
The tech company behind Synnovis, Munich-based Synlab, was hit by a ransomware attack from another group – known as BlackBasta – in April and appears not to have paid a ransom. Typically, ransomware gangs extract data from the victim’s IT system and demand payment for its return.
Details of the hack of Synlab’s Italian branch were published in full online last month, showing that no ransom was paid. It is not illegal to pay ransomware gangs in Britain, although it is against the law to pay a ransom if the affected entity knows or suspects that the proceeds will be used to finance terrorism.
Martin said most ransomware gangs operate within Russia, albeit without direct influence from the Russian state.
“Most of these groups are hosted and tolerated by Russia, but not run by the state. Russia is a huge safe haven for cybercrime,” he said.
Qilin is known as a ransomware-as-a-service group, meaning it rents malware to fellow criminals in exchange for a cut of revenue, as well as to targeted vets.
According to cryptocurrency research firm Chainalysis, victims of ransomware attacks paid a record $1.1 billion to the attackers last year, double the total in 2022.
Ransomware gangs typically demand payment in cryptocurrency, which they can find more easily across international borders and can be less traceable if certain exchanges are used. According to Sophos, a British cybersecurity company, the average payment for ransomware has increased 500% in the past year to $2 million.