Yesterday, the BBC reported that major hospitals all over London were affected by a ransomware attack, leading to operations and procedures being cancelled and patients being sent elsewhere.
The hospitals affected were those partnered with Synnovis, a company offering pathology services. Hospitals affected include those in central London such as King’s College Hospital, Guy’s and St Thomas’ – two of the city’s biggest hospitals.
What Is A Ransomware Attack?
Ransomware is software designed to lock a user or organisation out of their systems. Cyberattackers encrypt the victim’s files and demand a ransom payment for the decryption key.
The threat here can involve a variety of scenarios – including leaks, loss of data and financial losses – not to mention damage to a brand’s reputation.
In many cases, paying the ransom is cheaper and more straightforward than other methods, leaving the company affected unable to progress unless it submits to its attacker. In many cases, the ransom demanded is many millions of dollars – so companies are left with their hands tied.
And it’s not just the companies that are affected; organisations with an extensive client list leave their clients’ data vulnerable too. These types of cyberattacks have also caused damage to various organisations, governments and public services.
In the case of the NHS, the ransomware attack suffered by Synnovis puts a vast amount of patient data at risk of exposure, though it’s currently unclear how severe the situation is. Even more worrying is that any downtime at a hospital can put many lives at risk – and given that ransomware attacks aren’t resolved quickly, this could have catastrophic health implications for many Brits.
To explore the topic further, we asked the experts for their thoughts on how the NHS can – and should – move forward.
Here’s what they had to say…
For any questions, comments or features, please contact us directly.
Oseloka Obiora, CTO at RiverSafe
“When it comes to healthcare, hospitals and other institutions can’t afford to have downtime as it puts people’s lives at risk. Recovery from ransomware attacks can take days, or even weeks and that can cause chaos across the NHS and hospital network, especially when teams are under-resourced. In fact, half of healthcare organisations feel that they aren’t investing enough in cybersecurity, according to our recent research, and in such a high-risk industry that is very concerning.”
“Any attack against critical infrastructure could have a catastrophic impact, let alone ransomware, requiring sturdy cyber defence measures to stay protected. To enhance readiness for when a cyber-attack happens, it is essential that security teams adopt robust network visibility to promptly identify and resolve vulnerabilities across systems to minimise the impact of cyber threats to vital infrastructure. In dispersed environments, where there are many devices attached to hospital networks, observability should be central for security teams to monitor the condition of networks, infrastructure and applications based on data outputs. Effective network visibility through observability could be the difference between hours and days’ worth of downtime when a successful attack happens.”
Trevor Dearing, Director of Critical Infrastructure at Illumio
“NHS systems are a prime target for cybercriminals because one tiny breach can impact multiple entities. This is another example of why breach containment is paramount – containing attacks at the point of entry can dramatically reduce the impact of a breach.
“The ‘chaos factor’, the act of causing mass societal upheaval, is now the driving force behind many cyberattacks, and healthcare is one of the few sectors where cyberattacks can fatally impact human life.
“The fact the attacker gained access to the network through a third-party IT supplier isn’t a surprise. Many healthcare organisations are reliant on these systems to function, and as seen in the Capita IT attack, when these providers are hit, it can have widespread repercussions.
“This is another example of the importance of supply chain security and why hospitals must ensure security controls extend to their third-party software providers. Cybercriminals will always go after the weakest link to gain access to more valuable systems. This is why it’s important to implement a Zero Trust approach. Based on the mantra of “never trust, always verify”, healthcare organisations can tightly control access to critical systems and prevent unauthorised entities from accessing them.”
Dan Schiappa, CPO at Arctic Wolf
“The cyberattack on King’s College Hospital and Guy’s and St Thomas’ hospital demonstrates the fragility of critical infrastructure. As two of the busiest hospitals in the UK, they hold troves of personal and confidential information on patients, meaning this attack could have long-lasting effects. This also demonstrates the power of targeting third-party suppliers, with other users of Synnovis needing to assess their own networks immediately to stop potential intrusions.
“As the hospitals recover, it’s critical they prioritise patching external facing vulnerabilities and establish a comprehensive 24×7 security operations capability. Also, implementing privileged access management can ensure, even if an attacker gets in a network, they cannot access sensitive data. Healthcare providers over the globe should take the suggested steps to ensure patients can safely access care.”
Spencer Starkey, VP of EMEA at SonicWall
“Internet-connected medical equipment can be expensive. When a hospital invests in a new device, they expect it will give them many years of use. But what happens when the original device maker stops developing updates for it? It’s not always as easy as buying a new one, especially if said device costs hundreds of thousands of dollars. Suddenly, that priceless device has become an inexpensive threat vector. We expect to see a continued increase in medical device hacks that will enable cybercriminals to target medical devices and steal patient data, disrupt healthcare operations, or even harm patients. We believe we’ll also see threat actors targeting telehealth platforms.
“Telehealth platforms are becoming increasingly popular, and cybercriminals are taking notice. A compromised telehealth platform can enable a bad actor to steal patient data, disrupt healthcare operations, and even impersonate healthcare professionals. Healthcare organisations need to take steps to secure their telehealth platforms and protect patient data.”
Charlotte Webb, Marketing and Operations Director at Hyve Managed Hosting
“This attack on major London hospitals highlights the issues that can arise when an organisation fails to diversify their digital infrastructure. In this case, when NHS pathology partner, Synnovis, was hit by a cyber attack, it had a major impact – not only on digital operations, but on the delivery of patient care and services, including major surgeries being postponed.
“With healthcare providers reliant on digital operations, in an industry where lives are at risk, putting all your eggs in one basket with a single provider means that risk is not spread across multiple platforms, leaving organisations vulnerable in the event of a cyber attack. To mitigate this, healthcare organisations should look at diversifying their cloud approach, in addition to ensuring that their service providers have comprehensive security measures in place, as well as backup and disaster recovery plans ready for these situations, so that patient care is not affected. Adopting a hybrid or multi-cloud strategy, for example, can mitigate risks by distributing workloads across multiple environments, ensuring that an outage with one provider does not cripple the entire system.”
Jamie Moles, Senior Technical Manager at NDR leader ExtraHop
“Imagine needing emergency care and being turned away because hospitals are crippled by ransomware, unable to access critical patient data. The recent cyber attack on London hospitals is a horrifying reminder that healthcare needs layered security. Prompt patching, multi-factor authentication, and network segmentation are crucial, alongside real time threat detection to spot suspicious activity and potentially stop attacks before they cripple services.
“This is very reminiscent of the 2017 NHS ransomware attack. With billions of pounds being dedicated to the NHS each year you would have thought some of that money could be earmarked for better cyber security. How many incidents like this must happen before critical infrastructure organisations prioritise robust defences?
“Protecting data is vital, but here, it’s about life and death.”
Gareth Pritchard, CTO at Sapphire
“This incident shows the criticality cyber security has on our way of life. Cyber attacks on our critical infrastructure and services have real-world impact. It is vital for organisations to look at their whole supply chain in order to ensure operational availability and resilience.
“The knock-on impact of attacks in the supply chain can be significant and we are seeing a growing trend of attackers targeting services business and enablement organisations as they continue their activities.
“Vigilance and security hygiene within organisations and their supply chains must remain vital priorities.”
Gerasim Hovhannisyan, CEO & Co-Founder at EasyDMARC
“Unfortunately, attacks against healthcare facilities are continuing to increase. Today’s outage in London is yet another reminder of the challenges healthcare systems face around the globe. As critical services stall, the impact on patient care and safety is clear, underlining the necessity for robust cybersecurity measures and detailed incident response plans.”
“As healthcare systems become increasingly digitised, the risk of cyber attacks escalates, and their impact can be more significant. Aside from the need for more investment, the inevitability of cyber threats requires a proactive approach. It is no longer a matter of if, but when, a cyber attack will occur. As a result, healthcare providers must be prepared to maintain operations and protect patient safety even in the absence of digital systems. This level of preparedness is essential to safeguarding patients in the case of future attacks.”
Jim McGann, VP of Strategic Partnerships at Index Engines
“Corrupting data became a billion-dollar industry last year, underscoring the fact that ransomware is a threat that is continuously evolving and regularly aims its malevolence at the healthcare sector, with recovery costs averaging $2.73M per attack.
“Ransomware continues to advance by exploiting tech such as GenAI to create variants that quietly corrupt data with minimal traces of intrusion. These new strains use new lightweight and intermittent encryption algorithms, requiring a deep inspection to detect. And there are the slow corrupting variants that fall under threshold alerts and lay the groundwork for a ransom request months into the future.
“It has never been more important for the healthcare sector to adopt security to ensure data integrity – that all data is clean and free from ransomware. When a healthcare organization focuses only on securing its data or high-level content inspections, it may find that newer encryption algorithms may have gone unnoticed and may lead to data recovery challenges.
“True data integrity can be achieved with AI-based machine monitoring millions of file operations with the understanding of how data changes over time. AI can be trained to see and compare user activity and anomalies that may indicate ransomware activity. AI analysis can include content-based security analytics, the key to confidence in knowing that data is free of ransomware, or if an attack occurs, they can find the last version of clean data quickly.”
Chris Deverill, UK Director at Orange Cyberdefense
“With COVID-19 in the rearview mirror, hospitals are still struggling to get back to normality, and seeing yet another cyber attack is a cause for concern. This incident follows last month’s cyber attack on NHS Dumfries and Galloway, where hackers were able to access a “significant quantity of data”, including patient and staff-identifiable information.
“As ransomware attacks continue to gather momentum, hospitals and other critical services need to prioritise protecting themselves against these callous attacks, even on limited resources.
“However, this also speaks to a moral tipping point for bad actors. What makes healthcare different to other industries is that previously attackers had always been explicit in avoiding healthcare – “anti-targeting” – due to moral compass and fear of political blowback. This has gone out the window this year.
“In light of this and more comprehensive and sophisticated attacks, institutions must ensure they understand the evolving ecosystem of cyber extortion incidents, and how to alleviate the risk. Healthcare firms must implement intelligent and agile security measures to diminish the risk of a successful attack.
“Finally, our national critical services must ensure they have a well-defined incident response plan, should the worst happen, to ensure a continuation of vital services.”