Russian crime group behind cyber attack on London hospitals, expert says
A group of Russian cybercriminals are behind the ransomware attack that halted operations and testing at major London NHS hospitals, the former CEO of the National Cyber Security Center has said.
Ciaran Martin said the attack on pathology services company Synnovis had led to a “severe reduction in capacity” and was a “very, very serious incident”.
Hospitals declared a critical incident after the attack, canceled surgeries and tests and were unable to provide blood transfusions.
Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including Royal Brompton and Evelina London children’s hospital) and primary care services in the capital said a “major IT incident” had occurred.
When asked on BBC Radio 4’s Today program on Wednesday whether it was known who had attacked Synnovis, Martin said: “Yes. We suspect that it concerns a Russian group of cyber criminals who call themselves Qilin.
“These criminal groups – there are quite a few of them – operate freely from Russia, they give themselves high-profile names, they have websites on the so-called dark web, and this particular group has about a two… year history of attacks on various organizations across the whole world.
“They’ve attacked car companies, they’ve attacked the big issue here in Britain, they’ve attacked Australian courts. They are just looking for money.”
He said it was unlikely that the Russian hackers would have known they would cause such a serious disruption to primary health care when they set out to carry out the attack.
He added: “There are two types of ransomware attacks. One of them is when they steal a bunch of data and try to force you to pay so that it doesn’t get released, but this case is different. It is the more serious form of ransomware where the system simply does not work.
“So when you work in healthcare in this trust, you just don’t get those results, so it’s actually seriously disruptive.”
He said the government had a policy of not paying, but the company would be free to pay the ransom if it wanted to.
“The criminals threaten to publish data, but they always do that. Here the priority is to restore services.”
The National Cyber Security Center is investigating the impact of the cyber attack with NHS officials.
Synnovis said the incident had been reported to the police and the information commissioner.
The health secretary, Victoria Atkins, wrote on X on Wednesday: “Yesterday I met with NHS England and the National Cyber Security Center to oversee the response to the cyber attack on pathology services in South East London.
“My absolute priority is patient safety and the safe resumption of services in the coming days.”
Synnovis CEO Mark Dollar said a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and what action was needed.
According to the Health Service Journal, a senior source said gaining access to pathology results could take “weeks rather than days”.