Russian cyber criminal gang behind ransomware attack on London hospitals, says expert


A Russian group of cyber criminals was behind the attack on pathology services affecting several major London hospitals, a cybersecurity expert has said.

Ciaran Martin, former chief executive of the National Cyber Security Centre, said that a group of criminals named Qilin were likely to be behind the attack that devastated planned NHS services on Tuesday.

Memos to NHS staff at King's College Hospital, Guy's and St Thomas' (including the Royal Brompton and the Evelina London Children's Hospital) and primary care services in the capital say pathology partner Synnovis was hit by a "major IT incident".

Some procedures and operations have been cancelled or have been redirected to other NHS providers as hospital bosses continue to establish what work can be carried out safely.

Mr Martin told BBC Radio 4’s Today programme: “These criminal groups, there are quite a few of them, they operate freely from within Russia, they give themselves high-profile names, they've got websites on the so-called dark web and this particular group has about a two-year history of attacking various organisations across the world.

“They've done automotive companies, they've attacked the Big Issue here in the UK, they've attacked Australian courts. They're simply looking for money.”

He said it is “unlikely” the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to carry out the attack.

He added: “There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn’t released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.

“So, if you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.

“This type of ransomware has affected healthcare all over the world.

“It’s particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people’s healthcare. So it’s really one of the more serious that we’ve seen in this country.”

In 2021, it was announced that SynLab would partner with the NHS to deliver pathology services at hospitals and GP services across south-east London.

As well as serving King's, and Guy's and St Thomas', the pathology service also caters for South London and Maudsley and Oxleas NHS Foundation Trusts and a number of GP practices, clinics and other community services across the boroughs of Bromley, Lambeth and Southwark.

A spokesman for NHS England London region said Monday’s attack was “having a significant impact” on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trust and primary care services in south-east London.

“We are working urgently to fully understand the impact of the incident with the support of the Government’s National Cyber Security Centre and our cyber operations team.”