Services disrupted as London hospitals hit by cyber-attack

Services, including blood tests and transfusions, have been seriously disrupted. Photograph: Georgie Gillard/PA

Major NHS hospitals in London have been hit by a cyber-attack, which is seriously disrupting their services, including blood tests and transfusions.

The ransomware attack is having a “major impact” on the care provided by Guy’s and St Thomas’ NHS trust, its chief executive has told staff in a letter.

The attack is understood to affect other hospitals, including King’s College hospital, and has left them unable to connect to the servers of the private firm that provides their pathology services.

Synnovis, an outsourced provider of lab services to NHS trusts across south-east London, was the target of the attack, believed to be a form of ransomware, a piece of software which locks up a computer system to extort a payment for restoring access.

According to one healthcare worker, the labs were still functional, but communication with them was limited to paper only, imposing a huge bottleneck and forcing cancellation or reassignment of all but the most urgent bloodwork. Direct connections with Synnovis’ servers were cut to limit the risk of the infection spreading.

Increasingly, ransomware attacks also involve the exfiltration of sensitive data, with a threat to publish the hacked information if a payment is not forthcoming.

This is the third attack in the last year to hit part of the Synlab group, a German medical services provider with subsidiaries across Europe. In June 2023, ransomware gang Clop hacked and stole data from the French branch of the company just days after it hit headlines for bringing down a payroll provider for companies including BA, Boots and the BBC. Clop published the stolen data later that summer.

In April this year, Synlab’s Italian subsidiary was hit by a different ransomware group, called “Black Basta”. In that attack, the group stole 1.5TB of data, and again published it when no ransom was paid.

Synnovis and Synlab UK have been contacted for comment.

Healthcare services are popular targets internationally for ransomware gangs. Underinvestment in IT can leave systems vulnerable to attack, while the risk to patient health means many providers are eager to restore services as quickly as possible, regardless of the cost.

If data is stolen, it tends to be particularly sensitive, and many healthcare providers are explicitly or effectively state-backed, giving them access to funds in an emergency.

In the UK, though, there has been growing pressure from the security services to prevent public and private sector organisations from paying ransoms. After the British Library was hit by a damaging hack in October 2023, it reiterated that it “has not made any payment to the criminal actors responsible for the attack, nor engaged with them in any way”.

“Ransomware gangs contemplating future attacks such as this on publicly funded institutions should be aware that the UK’s national policy, articulated by NCSC [National Cyber Security Centre], is unambiguously clear that no such payments should be made,” the library said in an incident report earlier this year.