Russian cyber criminals behind attack affecting London hospitals

Kings College Hospital and Guys's and St Thomas' are "severely affected" by the malware attack

Guy's Hospital - one of the sites affected by cyber attack blamed on a Russia group
Author: Kat Wright and PA's Jane Kirkby, Storm Newton and Ella PickoverPublished 5th Jun 2024

A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals - according to a former executive of the National Cyber Security Centre.

It's understood to be agroup called Qilin which has carried out a cyber attack on the pathology firm Synnovis. That's severely affected operations, tests and blood transfusions in the capital.

Earlier, former chief executive of the National Cyber Security Centre Ciaran Martin said the incident had led to a "severe reduction in capacity" and "it's a very, very serious incident".

Memos to NHS staff at King's College Hospital, Guy's and St Thomas' (including the Royal Brompton and the Evelina London Children's Hospital) and primary care services in London said a critical incident had been declared.

Speaking on BBC Radio 4, Mr Martin said: "These criminal groups - there are quite a few of them - they operate freely from within Russia, they give themselves high-profile names, they've got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.

"They've done automotive companies, they've attacked the Big Issue here in the UK, they've attacked Australian courts. They're simply looking for money."

He said it is "unlikely" the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to do the attack.

He added: "There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn't released, but this case is different. It's the more serious type of ransomware where the system just doesn't work.

"So, if you're working in healthcare in this trust, you're just not getting those results so it's actually seriously disruptive.

Previously affected healthcare all over the world

Mr Martin said: "This type of ransomware has affected healthcare all over the world.

"It's particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people's healthcare. So it's really one of the more serious that we've seen in this country."

He said the Government has a policy of not paying but the company would be free to pay the ransom if it chose to.

Regarding patient data, he said: "It's not really a question of data in this one, it's a question of the services.

"The criminals are threatening to publish data, but they always do that. Here the priority is the restoration of services."

Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust.

Some procedures and operations at the hospitals have been cancelled or have been redirected to other NHS providers as hospital bosses establish what work can be carried out safely.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack.

Synnovis said the incident has been reported to law enforcement and the Information Commissioner.

Health Secretary Victoria Atkins said on Wednesday that her "absolute priority is patient safety".

On social media site X, formerly Twitter, Ms Atkins wrote: "Throughout yesterday I had meetings with NHS England and the National Cyber Security Centre to oversee the response to the cyber attack on pathology services in south-east London.

"My absolute priority is patient safety and the safe resumption of services in the coming days."

Hear the latest news from across the UK every hour, on Absolute Radio on DAB, smartspeaker, and on the Rayo app.