On June 3, 2024, when reported by Hackread.comAttackers launched a targeted ransomware attack on Synnovis, a major outsourced laboratory services provider for NHS hospitals in southeast London.

The perpetrators, identified as the Qilin ransomware gang, claimed to have stolen a lot of hospital and patient data. The gang then demanded a $50 million ransom and threatened to release the data otherwise. As a result of failed negotiations, the gang has now made public the entire dataset it exfiltrated.

Screenshot from the Qilin ransomware darknet site (Screenshot:

In his updated incident reportNHS said King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust were the worst affected NHS trusts in this incident. As a result, these trusts were forced to postpone 1,294 outpatient appointments and 320 planned procedures.

Accordingly According to BBC reports, the ransomware incident had a serious impact on healthcare operations, disrupting more than 3,000 appointments and operations at hospitals and GPs due to disruptions in pathology. can confirm that the Qilin ransomware gang used Telegram to distribute 400GB of sensitive data stolen from Synnovis. This method differs from the typical approach of ransomware groups, who often use dedicated dark web leak sites or make their attacks public to Pressure and shame victims to pay a ransom.

Qilin ransomware on Telegram (Screenshot:

Expert comment

Peter MackenzieDirector of Incident Response at Sophos, commented on the latest development: “Unfortunately, healthcare organizations have been and continue to be a prime target of ransomware attacks because the services they provide are critical to the communities they serve. This puts pressure on targets to get back online as quickly as possible.”

“We have already seen several high-profile ransomware attacks on hospital systems around the world in the past year, and Sophos' recent State of Ransomware report found that 63% of UK healthcare organisations were affected by ransomware in the last year (but most were able to stop the attack before data was encrypted),” said Peter.

“It's further complicated by the increasing number of supply chain attacks across industries. They are a preferred method of attack for many criminal groups because not only are they difficult to combat, but they also have a ripple effect that allows attackers to infiltrate multiple systems at once,” he explained. “In fact, IT and cyber professionals working in the UK healthcare sector view their partners and the supply chain as their biggest cybersecurity risk.”

According to a legal expert on the use of data in the healthcare sector: Sarah Tedstone According to the law firm Fieldfisher, such events are bound to escalate as data plays an increasingly important role in patient care and research.

“We are seeing a growing trend in this sector as there is a global push to prioritize the use and sharing of valuable health data to enable innovation in the sector. The pandemic has shown that more and better quality data has contributed significantly to collaboration and innovation, and we are seeing growth in many sectors, including diagnostic tests, which are contributing to significant health breakthroughs,” she commented.

The data is currently being analyzed, but it is not currently known whether sensitive information such as blood test results may have been published.

“We have seen in other incidents of this kind how distressing this can be for the individuals involved. Disclosure of test results can involve very personal information about the individual, but when genetic or genomic information is involved, it can also allow conclusions to be drawn about larger family groups,” Sarah added.

It is also suspected that confidential financial agreements between the NHS and Synnovis could be made public.

“The consequences of such disclosure could include the loss of valuable, confidential business information and an impairment of competition in the market, which would result in increased costs for the NHS and affect its ability to provide cost-effective services,” Sarah said.

“Regulators around the world are raising concerns about repeated hacking attacks on the healthcare sector and, as a result, criminal sanctions have been imposed for the first time in recent years on the management team of a European healthcare company, which was criticized for poor security and a failure to respond to an incident,” Sarah warned.

The ransomware attack on Synnovis is already demonstrating the impact on healthcare, with over 3,000 hospital and GP appointments and procedures disrupted. This attack not only puts patient confidentiality at risk, but also critical medical procedures. It highlights vulnerabilities in healthcare cybersecurity and requires urgent action to protect patient data and ensure uninterrupted medical care in the face of escalating cyber threats.

  1. BlackSuit ransomware releases Kansas City police data
  2. Black Basta Ransomware exploited Windows 0-Day before patch
  3. INC ransomware hits NHS Scotland, 3TB of patient data at risk
  4. NHS psychiatrist arrested; dark web forum and 7,000 images seized
  5. NHS Dumfries and Galloway faces cyber attack, patient data at risk

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *