London hospitals forced to cancel operations following ransomware attack

Alfonso Maruccia

Posts: 2,576   +958
Staff
In a nutshell: Ransomware attacks not only cause significant damage to digital-focused companies, but they can also disrupt essential real-life services. Healthcare, once a troublesome target for established cyber-crime groups, is again being targeted in the latest file-encrypting operations.

An unknown ransomware gang has brought pathology lab company Synnovis down, forcing major London hospitals to cancel or delay their healthcare services as a consequence. According to the UK's National Health Service (NHS), the attack is having a "significant impact" on services delivered by Guy's, St Thomas', and King's College Hospital NHS Foundation Trusts, as well as care services in southern London.

Emergency care is still available, NHS representatives confirmed; therefore, London patients "should" be able to access healthcare lines by dialing 999 (for emergencies) or 111. Scheduled appointments are confirmed as well, unless patients are told otherwise. The NHS is still trying to understand the full impact of the ransomware attack, which means that this critical incident will likely not be resolved for a few hours or even days.

According to messages leaked on Tuesday, Synnovis experienced a "major IT incident" which brought the company's services offline. Affected hospitals cannot access Synnovis' servers right now, making blood transfusions and related hospital services very difficult or impossible to administer. The NHS was forced to cancel surgeries at specialist centers, and focus only on the most urgent cases.

Leaked documents revealed that WinPath, a digital platform for blood transfusion management, is currently down across all sites served by Synnovis. Other systems such as BloodTrack and EPIC are still working, although all of the company's IT systems seemingly have been compromised by this devastating ransomware attack.

Synnovis CEO Mark Dollar said that the organization is still trying to understand what actually happened. There's now a task force of experts, both from Synnovis and the NHS, working to assess this major incident and the effects it had on London's healthcare. Dollar wants to "minimize" the impact on patients, but things are looking dire for people in need of organ transplants or other urgent operations.

Synnovis takes cybersecurity "very seriously," Dollar said, but this incident is a harsh reminder about the disruption a sudden, unexpected, and very effective attack can bring. In April, one of Synnovis' partner companies (Synlab) suffered a major security breach by the Black Basta ransomware group. Synlab Italia was able to restore its healthcare services in a month, although there are no clear indications that Black Basta was involved in the latest attack against London hospitals.

Permalink to story:

 
Regardless, this is exactly why hacking should be considered a Capital Offense punishment by life imprisonment or execution. Putting innocent lives at risk is without reason or excuse and should be treated the same way.
 
The appropriate solution here really is the death penalty. All countries must hunt these people down and terminate the attackers. These ransomware attackers are causing tremendous suffering, injustice and death globally. They violate the human rights of others for profit. In my country they have caused severe damage - court cases could not happen, imports could not happen.. and yes while the security of those various departments were a problem, the hackers are ultimately accountable for the attacks.
 
They do not take this "very seriously", Otherwise they'd have an actual backup plan, instead, it's all just down...

Backup plans - at what cost & slow down to everyone for every single service on this planet?
Nothing will be affordable (things are already hard for many). Many like to blame the victims here for not being secure enough... but I'd like to see more people blame the governments for lack of applying the death penalty for these crimes.

Why should I pay more for crime? The criminal must pay the ultimate price so that more people can afford healthcare and other services.
 
Regardless, this is exactly why hacking should be considered a Capital Offense punishment by life imprisonment or execution. Putting innocent lives at risk is without reason or excuse and should be treated the same way.
I agree, but sadly the UK abolished capital punishment decades ago, and currently the prisons are so full they are having to let hundreds of crims out early to make room for new inmates and judges are told to ease up on incarceration until some miracle happens to ease the situation.
 
When are healthcare IT admins going to realize that connecting a critical resource to the internet(where it can be openly attacked) is a very bad(read completely incompetent) choice?

Nitwits deserve to be punished if they're not going to enforce good operating security standards.
 
Back