Russian hackers behind London hospitals cyberattack
The attack has forced hospitals to postpone or relocate elective surgeries
A suspected Russian criminal group is behind the cyberattack that hit major hospitals in London earlier this week, disrupting vital services and causing distress for patients, a security expert has said.
The attack targeted pathology services firm Synnovis, causing a "severe reduction in capacity" - forcing hospitals to cancel operations, tests, and even blood transfusions.
Ciaran Martin, former chief executive of the National Cyber Security Centre (NCSC), identified the attackers as the group "Qilin," known to operate freely from within Russia.
"We believe it is a Russian group of cybercriminals who call themselves Qilin," Martin told BBC Radio 4's Today programme on Wednesday.
Qilin is known to be a "ransomware-as-a-service" group, meaning they offer malware to other cybercriminals in exchange for a share of the profits.
Martin believes the group's motivation is purely financial. "They're simply looking for money," he said.
While paying ransoms is not illegal in the UK, it is prohibited if the funds are suspected of financing terrorism.
The attack comes just a month after Synnovis's parent company, Synlab, faced a separate ransomware attack by a different group, BlackBasta.
Ransomware attacks are a growing concern, with victims paying a record $1.1 billion to attackers in 2023 - double the previous year, according to the cryptocurrency research firm Chainalysis. Attackers often demand payment in cryptocurrency, which makes the payments harder to trace.
Martin highlighted the severity of the incident, calling it "one of the more serious that we've seen in this country."
Major hospitals affected by the attack include Guy's, St Thomas', King's College, the Evelina children's hospital, Royal Brompton and Harefield specialist hospitals, and the Princess Royal hospital in neighboring Kent.
Elective surgeries have been postponed or relocated to other already-strained hospitals. Blood test requests are restricted to emergencies only, hindering transfusions and other critical procedures. Routine blood tests ordered by GPs have also been cancelled, potentially delaying diagnoses and treatment for countless patients.
Professor Ian Abbs, CEO of Guy's and St Thomas', acknowledged the disruption in a letter to staff, expressing his understanding of the frustration felt by both patients and healthcare workers.
The NHS has activated "mutual aid" procedures, where unaffected hospitals will shoulder some of the workload from crippled facilities.
NHS insiders warn this situation could drag on for "weeks or months," raising concerns about the long-term impact on patient care.
NHS London has launched a dedicated "cyber incident response team" to manage the crisis. Patients are advised to continue with scheduled appointments unless contacted otherwise.
Law enforcement agencies like the National Crime Agency and the Information Commissioner's Office are involved in the investigation. Additionally, Synnovis is collaborating with the NCSC and the NHS's Cyber Operations team to resolve the attack.
"Throughout yesterday I had meetings with NHS England and the National Cyber Security Centre to oversee the response to the cyber-attack on pathology services in south-east London," the health secretary, Victoria Atkins, wrote on X on Wednesday.
"My absolute priority is patient safety and the safe resumption of services in the coming days," she added.