Investigation of Russian Ransomware Attack on London Hospitals May Extend for Weeks

Updated: Saturday, June 22, 2024, 23:33 [IST]

An investigation is currently underway into a ransomware attack that targeted London hospitals earlier this month, an assault attributed to the Russian group Qilin. This cyberattack, which took place on June 3, has significantly disrupted the operations of NHS provider Synnovis, affecting its pathology services across southeast London. The National Health Service (NHS) of the UK, a state-run entity, has indicated that completing this investigation could span several weeks due to the complexity of the case.

Russian Hack on NHS: Weeks-Long Probe — Representative image

The cyberattack has had a profound impact on the healthcare services in south London, particularly affecting King's College and Guys and St Thomas' hospital trusts. These institutions, which manage multiple hospitals, clinics, and doctors' practices in the area, have experienced major disruptions. Specifically, the incident has led to the cancellation of hundreds of operations and appointments, with a notable effect on blood transfusion services.

Following the attack, NHS England has been alerted to the publication of data linked to this cybersecurity breach online. Reports from the BBC reveal that Qilin has disseminated nearly 400GB of sensitive data on their darknet site and Telegram channel. This data includes patient names, birth dates, and detailed blood test descriptions.

The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) are actively working to authenticate the published files. Given the intricate nature of these files, the verification process is expected to be highly complex and time-consuming.

Further reports from The Guardian highlight the severity of the data breach, stating that records of 300 million patient interactions were compromised. This includes sensitive information regarding HIV and cancer blood test results. In response to this significant breach of patient confidentiality, a dedicated website and helpline have been established for those affected.

NHS England has expressed its understanding of the distress caused by this incident, especially for patients who may need to undergo re-testing. Meanwhile, the NCA has taken charge of the criminal investigation into this ransomware attack but has not provided further comments at this stage.

Ransomware attacks involve criminals deploying malware to lock computer systems, subsequently demanding payment for their release. These attacks are notoriously challenging to counteract due to most gangs operating from former Soviet states, beyond the reach of Western law enforcement. The UK's health system is no stranger to such cyber threats; it suffered a significant ransomware attack in 2017 that severely disrupted healthcare services nationwide.

Qilin, also known under the alias Agenda, is known for its activities on dark web cybercrime forums. According to Louise Ferrett from Searchlight Cyber, a threat intelligence firm, Qilin leases malware to affiliates who then carry out attacks and share a portion of any ransom payments received. The group has claimed over 100 victims through its malicious activities.