The Qilin ransomware group has claimed responsibility for a cyberattack on Synnovis labs, a key partner of the National Health Service (NHS) in England. The attack, which began on Monday, has severely disrupted services at five major hospitals in London, including King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust. The NHS declared the situation a ‘critical incident,’ noting that the full extent and impact of the attack on patient data remain unclear.
Synnovis, a prominent pathology service provider, runs over 100 specialised labs offering diagnostics for various conditions. Due to the ransomware attack, several critical services, such as blood testing and certain operations, have been postponed, prioritising only the most urgent cases. NHS England has deployed a cyber incident response team to assist Synnovis and minimise patient care disruption, though longer wait times for emergency services are expected.
The Qilin group, operating a ransomware-as-a-service model, typically targets victims via phishing emails. The attack on Synnovis has raised significant concerns about the security of healthcare systems and the reliance on third-party providers. Kevin Kirkwood from LogRhythm emphasised that the attack causes operational disruptions and undermines public trust in healthcare institutions. He called for robust security measures, including continuous monitoring and comprehensive incident response plans, to protect healthcare infrastructure better and ensure patient safety.
A ransomware attack on Synnovis, a pathology services provider, has severely disrupted major hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, and the Royal Brompton. This incident has led to the cancellation and redirection of numerous medical procedures. The hospitals have declared a ‘critical incident’ due to the significant impact on services, notably affecting blood transfusions. Synnovis’ CEO, Mark Dollar, expressed deep regret for the inconvenience caused and assured efforts to minimise the disruption while maintaining communication with local NHS services.
Patients in various London boroughs, including Bexley, Greenwich, and Southwark, have been affected. Oliver Dowson, a 70-year-old patient at Royal Brompton, experienced a cancelled surgery and expressed frustration over repeated delays. NHS England’s London region acknowledged the significant impact on services and emphasised the importance of attending emergency care and appointments unless instructed otherwise. They are working with the National Cyber Security Centre to investigate the attack and keep the public informed.
Synnovis, a collaboration between SYNLAB UK & Ireland and several NHS trusts, prides itself on advanced pathology services but has fallen victim to this attack despite stringent cybersecurity measures. Deryck Mitchelson from Check Point highlighted the healthcare sector’s vulnerability to such attacks, given its vast repository of sensitive data. Recent cyber incidents in the UK, including a similar attack on NHS Dumfries and Galloway, underscore the persistent threat to healthcare services. Government agencies actively mitigate the current situation and support affected NHS organisations.
ABB, a Swiss multinational company specialising in electrification and automation technology, has been targeted by a Black Basta ransomware attack, resulting in significant disruptions to its business operations.
On 7 May, ABB fell victim to a ransomware attack which specifically targeted ABB’s Windows Active Directory, affecting a considerable number of devices within the company’s infrastructure.
In response to the breach, ABB took immediate action by severing VPN connections with its customers to prevent the ransomware from spreading to external networks. Nevertheless, the attack has significantly disrupted ABB’s operations, resulting in project delays and impacting its manufacturing facilities.
The company has since stated that ‘The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner.’
The Costa Rican Social Security Fund (CCSS), i.e. Costa Rica’s public health service was hit by Hive ransomware and forced to shut its systems down. The ransomware was deployed on at least 30 out of 1,500 government servers, CCSS told local media.
Cybersecurity experts suggested that Hive might be working with Conti to help Conti rebrand.
