According to reports, major hospitals in London have declared a critical incident following a cyber-attack lead to operations being cancelled and emergency patients being diverted elsewhere.

King’s College Hospital, Guy’s and St Thomas’ – including the Royal Brompton and the Evelina London Children’s Hospital – and primary care services are among those affected.

The incident has had a “major impact” on the delivery of services, especially blood transfusions and test results.

What are the delays?

Some procedures have been cancelled or changed to other NHS providers, while the hospitals affected figure out what work can be continued.

The Health Service Journal (HSJ) reports several senior sources told the system has been the victim of a ransomware attack.

One said gaining access to pathology results could take “weeks, not days”.

“Comes as no surprise”

“With healthcare organisations experiencing a 13% increase in attack attempts last year, this latest breach comes as no surprise,” said David Critchley, Regional Director of UK & I at Armis.

“The ransomware attack on a third-party provider has exposed vulnerabilities within the supply chain, leaving patients without access to essential treatment.

“To avoid this type of attack, it’s vital that healthcare organisations have complete visibility and security for all connected medical devices, clinical assets as well as the entire healthcare ecosystem.

“They should also segment the network and create barriers between critical systems and older devices to help contain potential breaches and limit the damage attackers can inflict.

“Implementing best practices like strong passwords, firmware updates and access control – alongside complete visibility of the attack surface – can improve cyber hygiene and make organisations less vulnerable. 

“Healthcare organisations must understand that vulnerabilities can come from the supply chain too, so due diligence is essential.”

Unknown motives

“The NHS is in a difficult situation in the face of prolific threats, exacerbated by recent IT budget cuts and it is now at its most vulnerable to cyberattack,” added Deryck Mitchelson, Global CISO at Check Point Software.

“Defending such an institution is not an easy job but everyone in the chain of command, including the vast network of third-party suppliers, absolutely needs to be on high alert right now.

“The healthcare sector is one of the most targeted industries globally with an average organisation facing more than 2,140 cyberattacks per week.

“Its hugely fragmented IT infrastructure means there are ample opportunities for brute force or covert attacks to be carried out by cybercriminals through supply chain access.

“As it stands it is unclear what the motives are behind this incident or who is responsible, but early reports suggest this is the result of a ransomware attack.

“If data has been extracted, it could be encrypted and held until payment is received, and while the NHS won’t pay ransom demands, suppliers often will.

“The NHS holds a huge volume of valuable data that could fetch a big price tag if sold on the dark web, so it is important that we understand what information has been extracted to fully appreciate the scale of the potential breach.

“Right now, the priority should be on making sure patients receive the treatment they need, and any further disruptions are mitigated.”

More Security News