London Hospitals Held To Ransom

Uploaded on 2024-06-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A recent major cyber attack on NHS hospitals caused a number of procedures to be cancelled or changed, with blood transfusions said to be particularly affected, according to health trusts.

Now, a ransom demands of $50million have been made by Qilin cyber gang following the attack impacting London NHS services over two weeks ago, which consequently has held up patient appointments, blood transfusions and operations.

Affected hospitals were forced to launch an appeal for O blood-type donors to book appointments across the country following the ransomware attack affecting several major London hospitals.

Cyber security expert Deryck Mitchelson, former-CISO at NHS Scotland and head of global CISO at Check Point Software has commented "The Qilin ransomware incident has had a huge knock-on effect on the daily running of NHS hospitals in the South-East of England. These attacks always feel quite personal and continue to raise questions about why public services are repeatedly made the target of criminal gangs... While details about the data being held are still unclear, the group's demands for $50 million suggests that it is serious. The size of ransom is based on the scale of disruption and acts as the carrot being dangled to quickly restore services. Although paying it might seem like the easier way out, there are hidden costs to settling...

"Simply put, there is no guarantee the data will be restored or trustworthy, and it might still end up being exposed after payment." 

According to Mitchelson, organisations who choose to pay ransoms won’t be protected from future attacks nor will it prevent the reputational costs they might be left with. "So, it is essential that the organisation is clear on the type of data that has been stolen so that they know the scale of the breach and can plan the right route to recovery."

The recent cyber attack has meant that the affected hospitals cannot currently match patients' blood in the way that they usually do. O-negative is the type that can be given to anyone, known as the universal blood type. It is used in emergencies or when a patient’s blood type is unknown. Air ambulances and emergency response vehicles carry O-negative supplies. Several of the  London based hospitals affected have cancelled operations and tests, and were unable to carry out blood transfusions recently after the attack on the pathology firm Synnovis, which Qilin, a Russian group of cyber criminals, is believed to have been responsible for.

Emails to the NHS staff at King's College Hospital, Guy's and St Thomas’s and primary care services in London has said a critical incident had been declared.

For surgeries and procedures requiring blood to take place, hospitals need to use O- type blood as this is safe to use for all patients and blood has a shelf life of 35 days, so stocks need to be continually replenished, the NHS said. 

Eight per cent of the population have type O-negative but it comprises about 15% of hospital orders. O-positive is the most common blood type, 35% of donors have it, and it can be given to anybody with any positive blood type. This means three in every four people, or 76% of the population, can benefit from an O-positive donation.

Andrew Hollister, CISO at LogRhythm, commented " The urgent call for O-type blood donations following the ransomware attack on Synnovis is proof of the dangerous and disruptive real-life consequences caused by cyberattacks.  The ongoing repercussions from this attack are a critical reminder that cyberthreats are not victimless crimes... "

"Healthcare organizations need to treat this attack as an urgent reminder to prioritize the cybersecurity of not only their own systems but also of any third-party providers they are using."
  
"Keeping ahead of sophisticated risks requires organizations to do the basics well including patching, backups, and implementing two factor authentication everywhere possible... One hundred percent security is not possible, but organizations should seek to reduce the risk as much as possible considering the consequences of a successful compromise...

"Failure to take action risks the well-being of individuals that rely on essential services and no industry is safe." Hollister said.

Blood.UK   |   BBC   |   Guardian   |   Sky   |   Standard   |    Londra Gazete

Image: Anna Shvetsa

You Might Also Read: 

Spanish Healthcare Service Works On Resilience:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Major AI Threats Cyber Security Teams Must Deal With
Business Email Compromise Warning Signs »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

CNA Insurance

CNA Insurance

CNA offers a market-leading suite of cyber liability insurance products and risk control resources for businesses of all sizes.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

eCapital

eCapital

eCAPITAL is a leading venture capital firm that provides early to growth stage funding to technology companies in fields including software & information technology, cybersecurity and industry 4.0.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Fingerprints

Fingerprints

Fingerprints is the world-leading biometrics company. Our solutions are found in millions of devices providing safe and convenient identification and authentication with a human touch.

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs are a group of IT security specialists, ethical hackers, and researchers driven to identify security flaws before cyber threat actors does.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.

Neural Defend

Neural Defend

Neural Defend is a deepfake detection technology with proprietary algorithms and an AI agentic multi-layered of solution.