London hospitals cancel operations after ransomware cyber attack

Vehicles in front of the Royal Brompton Hospital
Investigative authorities and external IT security experts are currently looking into the incident. (Source: IMAGO / Parsons Media)

Several large hospitals in the British capital, London, have reported a “critical incident” – and had to postpone operations. The background is an cyber security incident with a joint health provider.

According to media reports, seven hospitals that cooperate with the company, Synnovis, have been affected in total. Synnovis examines blood samples, for example.

Synnovis confirmed on Tuesday to have been victim of ransomware the day before.

The hospitals affected include King’s College Hospital, which is responsible for a million people in London. The hospitals Royal Brompton and Harefield, the largest cardiac and pulmonary clinics in Great Britain, have also been affected.

Operations postponed

As a result of the incident, the clinics had to postpone scheduled operations. Blood transfusions could not be performed. In part, emergency patients were transferred to other hospitals, reports the BBC. As reported by The Guardian, even some scheduled caesarean sections had to be performed in different clinics.

The BBC reports of a 70-year-old patient who was scheduled to have an operation at the Royal Brompton Hospital in the Chelsea district. He was notified approximately six-and-a-half hours after his actual appointment that the operation would not be happening.

“The staff on the ward didn’t seem to know what had happened, just that many patients were being told to go home and wait for a new date,” he said to the BBC.

A woman said: “My husband received a text message last night advising his appointment this morning had been cancelled due to circumstances beyond their control, and that all major south London hospitals are unable to take any bookings for an indefinite period of time.”

Restoration could take weeks

According to Synnovis, law enforcement agencies and IT experts are currently investigating the incident. The trade journal “Health Service Journal,” reported on Tuesday that is expected for the hospital impairments to persist for several weeks.

Director at Synnovis, Mark Dollar said: “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

Former head of the British National Cyber Security Centre, Ciaran Martin, told the BBC on Wednesday that a criminal group from Russia that calls itself Qilin was likely responsible. According to Martin, they are only interested in money.

With ransomware attacks, criminals normally encrypt existing data on systems and demand a ransom for restoring the data. Offenders typically also obtain data and threaten releasing its details. However, ransoms do not guarantee that the extortioner will abstain from releasing the data or that they will actually restore encrypted data.

Not an isolated incident

In the past, several ransomware incidents have been made public in the health sector: In 2017, a number of international companies were infected with the malware, WannaCry – British hospitals were also affected back then. According to details provided by the National Health Service (NHS), approximately 7,000 appointments, some of which included operations, were cancelled as a result. However, it is estimated that perhaps even 19,000 appointments were affected.

Even the University Hospital of Düsseldorf had to postpone operations and close their emergency room in fall 2020 after data on the clinic’s servers had been encrypted by a trojan (German article).

The case attracted a great deal of attention because a patient had to be transferred to another hospital due to the system outage – and died shortly thereafter. The public prosecutor’s office had then started an investigation into involuntary manslaughter, which indeed was later abandoned (German article). This was because the autopsy revealed that the woman would have also likely died in the university clinic even if she had been treated more quickly.

Additionally, at the end of last year, a company that operates 30 hospitals in six US states had to transfer patients to different hospitals from some of their emergency rooms. The systems there were taken offline after ransomware was discovered.

Furthermore, a similar incident impaired pharmacies in the US earlier this year. (js)