London hospitals left in critical condition after ransomware attack
Pathology lab provider targeted, affecting blood transfusions and surgeries
Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.
NHS England's London region confirmed in a statement to The Register that a provider of pathology lab services, Synnovis, was the target.
A spokesperson for the region said: "This is having a significant impact on the delivery of services at Guy's and St Thomas', King's College Hospital NHS Foundation Trusts, and primary care services in south east London and we apologize for the inconvenience this is causing to patients and their families.
"Emergency care continues to be available, so patients should access services in the normal way by dialing 999 in an emergency and otherwise using 111, and patients should continue to attend appointments unless they are told otherwise. We will continue to provide updates for local patients and the public about the impact on services and how they can continue to get the care they need.
"We are working urgently to fully understand the impact of the incident with the support of the government's National Cyber Security Centre and our Cyber Operations team."
The situation was officially declared a "critical incident" on Tuesday morning, according to emails and memos sent to staff at affected hospitals, leaked by The Sunday Times.
"I can confirm that our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers," Ian Abbs, CEO at Guy's and St Thomas' NHS Foundation Trust, wrote in one email.
"This is having a major impact on the delivery of our services, with blood transfusions being particularly affected. Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to carry out.
"I recognize how upsetting this is for patients and families whose care has been affected, and how difficult and frustrating this is for you all. I am very sorry for the disruption this is causing."
Abbs went on to say that an incident response structure has been engaged and NHS Trust officials are meeting regularly to assess the next steps to be taken.
He confirmed that not all the details are known, nor is it clear how long the issues will persist.
Ransomware payment ban: Wrong idea at the wrong time
OPINIONOther leaked documents revealed that the WinPath blood transfusions IT system is down across all sites. As a result, elective surgeries are being halted at specialist heart and lung healthcare center Royal Brompton and Harefield and the only blood components being issued at present are for the most urgent cases.
The BloodTrack and EPIC systems, a blood transfusion software and a digital health record system respectively, both remain operational, meaning blood components can still be administered where necessary.
The Register understands that some procedures have been canceled and others redirected to other sites as a result of the incident. All of Synnovis's IT systems are believed to be affected.
Synnovis is a partnership between Synlab, Guy's and St Thomas' NHS Foundation Trust, and King's College Hospital NHS Foundation Trust, delivering pathology and testing services across multiple labs.
Mark Dollar, CEO at the Synnovis partnership, said: "It is still early days and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimize the impact on patients and other service users.
- NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities
- UK public voice fear over security in NHS data systems
- Nearly 1M medical records feared stolen from City of Hope cancer centers
- INC Ransom claims responsibility for attack on NHS Scotland
"Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritized. We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimize the impact and will stay in touch with local NHS services to keep people up to date with developments.
"We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect."
The incident follows a separate case at Synlab Italia, which in April involved the Black Basta ransomware crew forcing the company's services offline.
Per the official breach information page on Synlab Italia's website, it took the healthcare provider nearly a month to restore the majority of its systems. It appears Synlab Italia didn't pay whatever ransom was demanded of it as Black Basta has its data available to download in full via its blog.
However, there is no suggestion that the incident in London today is linked to the attack in Italy.
Black Basta was also responsible for another recent major ransomware attack that targeted the healthcare sector. The Catholic faith-driven Ascension healthcare group disclosed an attack last month that prompted CISA and Health-ISAC to share guidance on how to thwart the ransomware gang's known tactics and methods. ®