A Russian cybercriminal group is behind the ransomware attack that has hit major London hospitals.
The PA news agency understands that the group called Qilin is behind the attack on pathology company Synnovis, which has severely hit operations, tests and blood transfusions in the capital.
Earlier, former National Cyber Security Center CEO Ciaran Martin said the incident had led to a “severe reduction in capacity” and “it is a very, very serious incident”.
Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and Evelina London Children’s Hospital) and primary care in London said a critical incident had been declared.
Asked on BBC Radio 4’s Today program if it is known who attacked Synnovis, Mr Martin said: “Yes. We believe it is a Russian cybercriminal group calling themselves Qilin.
“These criminal groups – there are quite a few of them – operate freely from Russia, they give themselves high-profile names, they have websites on the so-called dark web, and this particular group has about a two… year history of attacks on various organizations across the whole world.
“They’ve attacked car companies, they’ve attacked the big issue here in Britain, they’ve attacked Australian courts. They are just looking for money.”
He said it was “unlikely” that the Russian hackers would have known they would cause such a serious disruption to primary health care when they set out to carry out the attack.
He added: “There are two types of ransomware attacks. One of them is when they steal a bunch of data and try to force you to pay so that it doesn’t get released, but this case is different. It is the more serious form of ransomware where the system simply does not work.
“So when you work in healthcare in this trust you just don’t get those results, so it’s actually seriously disruptive.
“This type of ransomware has affected healthcare across the world.
“It is especially damaging in the United States, and where this type of cyber attack differs in impact from others is that it affects people’s health care. So it really is one of the most serious we’ve seen in this country.”
He said the government has a policy of not paying, but the company would be free to pay the ransom if it wanted to.
On patient data, he said: “It’s not really about the data, it’s about the services.
“The criminals threaten to publish data, but they always do. Here the priority is to restore services.”
Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.
Some procedures and operations in hospitals have been canceled or referred to other NHS providers as hospital bosses determine what work can be carried out safely.
NHS officials said they are working with the National Cyber Security Center to understand the impact of the attack.
Synnovis said the incident has been reported to law enforcement authorities and the Information Commissioner.
Health Minister Victoria Atkins said on Wednesday that her “absolute priority is patient safety”.
On social media site
“My absolute priority is patient safety and the safe resumption of services in the coming days.”
An NHS London spokesperson said: “The ransomware cyber attack on Synnovis continues to cause disruption to services at Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and primary care providers in South East London.
“All emergency services remain open as usual and the majority of outpatient services continue to operate as normal.
“Unfortunately, some operations and procedures, which rely more heavily on pathology services, have been postponed and blood tests are being prioritized for the most urgent cases, meaning patients have had phlebotomy appointments cancelled.
“We are sorry to all patients affected and NHS staff will be working hard to re-arrange appointments and treatments as quickly as possible.
“NHS England has deployed a cyber incident response team, working 24 hours a day to support Synnovis and provide emergency response, and coordinate with health services in the capital to minimize disruption to patient care.”
A cybersecurity expert said the agency may have to re-run some tests as it may not be possible to know if stored data has been manipulated by the hackers.
John Clark, professor of computer and information security at the University of Sheffield, said: “Patient safety is of paramount importance and the accuracy of results is essential. So it is important to emphasize that unless it is known what happened to the system, the accuracy of stored data cannot be guaranteed.
“Determining whether stored data has been manipulated may simply not be possible and tests may need to be re-run and results re-recorded.”
The Health Service Journal (HSJ) reported that a senior NHS manager said: “It’s everyone’s worst nightmare.
“The difficulty will be that when you have total system failure, the test volumes will be enormous. Even if you could transport samples across London to other labs, how would you get the results back as they are not integrated in that way?
“Urgent tests will have to be carried out on site. They will undoubtedly ask GPs to only send urgent tests, to manage volumes.”
Another source told the HSJ that the attack posed a huge problem for emergency care in hospitals as they would not have access to rapid blood test results.
Synnovis said Wednesday it could not comment further on the attack.
Company CEO Mark Dollar said a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and what action is needed.
“Unfortunately, this is impacting patients, with some activities already canceled or referred to other providers as urgent work is prioritized,” he said.
One patient, Oliver Dowson, 70, was being prepared for surgery at the Royal Brompton Hospital from 6am on Monday, June 3, when he was told by a surgeon at around 12.30pm that the operation would not go ahead.
He told PA: “Staff on the ward did not seem to know what had happened, only that many patients were told to go home and wait for a new date.
“I’ve been given a date for next Tuesday and I’m crossing my fingers – it’s not the first time they’ve canceled, they did that on May 28 too, but that was probably a staff shortage in the half week.”
Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and he was told local centers were not taking bookings “indefinitely”.
According to the HSJ, a senior source said that gaining access to pathology results could take “weeks rather than days”.