A recent ransomware attack on UK healthcare provider Synnovis has caused chaos in several London hospitals, resulting in the cancellation or redirection of services and surgeries. The attack, which occurred earlier this week, has severely impacted the ability of these hospitals to provide patient care, highlighting the far-reaching consequences of cyberattacks on healthcare systems.
Synnovis, a collaboration between two London hospital trusts and SYNLAB, confirmed on June 4th that they were targeted in a ransomware attack that affected all of their IT systems. This led to disruptions in their pathology services, prompting major London hospitals like King’s College Hospital, Guy’s Hospital, and St Thomas’ Hospital to cancel operations. Additionally, transplant surgeries at Royal Brompton and Harefield Hospital were forced to be axed, as reported by Shaun Lintern, health editor at the UK’s Sunday Times newspaper.
The impact of the attack was so severe that the UK National Health Service (NHS) issued a statement on Tuesday, urging hospitals to prioritize urgent work. Despite the disruptions, emergency services remained operational, and patients were instructed to attend scheduled appointments as usual unless informed otherwise.
Cybersecurity experts have emphasized the human consequences of ransomware attacks on healthcare providers. Kevin Kirkwood, deputy CISO at LogRhythm, emphasized how these attacks not only disrupt operations but also endanger patient health, eroding public trust in healthcare institutions. Recent high-profile attacks in the US, such as the ones on United Healthcare’s Change Healthcare and Ascension, underscore the increasing threat healthcare providers face from cybercriminals.
Dan Lattimer, vice president of security firm Semperis, highlighted the drastic impact ransomware attacks can have on patients, increasing the likelihood that affected facilities will pay the ransom. He stressed the importance of hospitals preparing for inevitable disruptions and enhancing their operational resiliency to deter adversaries.
Despite investing heavily in IT security, Synnovis was unable to prevent the attack, leading to disruptions and inconvenience for patients and healthcare providers. The company has mobilized a taskforce to assess the attack’s impact, collaborate with law enforcement, and minimize further fallout with the support of relevant cybersecurity agencies.
Responding to ransomware attacks has become a critical priority for healthcare providers, as reactive measures are no longer sufficient. The US government’s investment in initiatives to enhance cybersecurity resilience in healthcare reflects the urgent need for proactive security strategies in the face of escalating threats.
Healthcare organizations must adopt continuous monitoring, regular security assessments, and comprehensive incident response plans to safeguard critical infrastructure and protect patient safety. Identifying and addressing single points of failure, especially in identity systems storing sensitive data, is crucial to mitigating the risk of ransomware attacks.
As hospitals work towards improving their cybersecurity posture, real-time visibility into network accounts and groups is essential to detect and respond to unauthorized access promptly. By implementing robust security measures and proactive strategies, healthcare providers can enhance their resilience against cyber threats and safeguard patient trust and well-being.