Security news that informs and inspires

Synnovis Ransomware Attack Disrupts Healthcare Services

By

Synnovis, one of the UK’s top pathology and diagnostic service providers, on Tuesday confirmed that it was targeted by a ransomware attack that has been impacting its IT systems and resulting in interruptions to many of the organization’s pathology services across top hospitals in London.

The organization, which provides lab services to National Health Service (NHS) partners and clinical users, is a collaboration between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust. The ransomware attack was first uncovered on Monday, and a spokesperson for the NHS England London region on Tuesday said that the attack was having a “significant impact” on the delivery of NHS services at the partner hospitals - the Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts - and primary care services across six boroughs. Details about how the attack occurred have not yet been disclosed.

“It is still early days and we are trying to understand exactly what has happened,” said Mark Dollar, CEO with Synnovis in a Tuesday statement. “A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.”

Both NHS London and Synnovis said that emergency care continues to be available, but some patient appointments - including, reportedly, transplant surgery - have been canceled or redirected to other providers in order to prioritize “urgent work.” Synnovis and the NHS said they are working with the government’s National Cyber Security Centre and the Cyber Operations Team to respond to the attack.

“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised,” said Dollar. “We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.”

The attack comes on the heels of another major ransomware attack in the healthcare industry - against the U.S.-based Change Healthcare in February - and both incidents showcase the potential for disruption that cyberattacks can have in this sector. Healthcare has proved to be a lucrative space for ransomware groups, with groups like Conti, Karma FIN12 and Hive targeting hospitals, providers and clinics over the years. Like this latest attack on Synnovis, previous ransomware attacks have impacted the efficiency of healthcare processes, with hospitals being forced to divert patients away from their emergency departments or reschedule appointments and surgeries. One challenge that makes cybersecurity particularly difficult in the healthcare space is that the industry is made up of a tangle of networks and partnerships. If one organization gets hit, like Synnovis, the impact of the fallout cascades across the hospitals it partners with.

“I think ransomware groups recognize the impact of healthcare attacks and they think they will get paid in order to save patients,” said Allan Liska, intelligence analyst with Recorded Future. “They also know that even if they aren't paid they might be able to sell the patient data and even if they aren't successful the ransomware groups know there will not be any repercussions for carrying out these attacks.”