The NHS is experiencing devastating impacts following a cyberattack on Synnovis, a provider of pathology services for several hospitals in London. This attack has resulted in significant delays in processing pathology results and information. Consequently, this has had a widespread impact on hospitals and GPs in London, affecting an estimated 1.8 million people.
The attack has led to the cancellation of operations and the redirection of accident and emergency patients. Affected practices have reverted to traditional methods of delivering results by paper and hand. The NHS has also reportedly issued a critical blood donor announcement due to the issue.
The exact method of the attack is still to be confirmed, but it is likely to have been conducted by the Russian hacker group, Qilin. The attack has locked Synnovis’ systems using ransomware, which restricts access until a payment is made.
Who is Qilin?
Qilin is a Russian-speaking ransomware cybercriminal gang that operates using a ransomware-as-a-service model. It is estimated that they have been active since 2022.
The group previously claimed responsibility for an attack on the publisher of the UK’s well-known Big Issue earlier this year.
As it stands, Synnovis has not been listed as a victim on the hacker group's website, where they add names following a successful attack.
What is ransomware-as-a-service (RaaS)?
Ransomware-as-a-service is an operational model used by many ransomware hacker groups. Similar to the Software-as-a-Service (SaaS) model, which sells software, these hacker groups sell tools or code to other hackers to conduct cyberattacks.
Many hacker groups use ransomware as their primary method of attack. Ransomware-as-a-service options enable hackers with limited time, experience, or resources to conduct attacks without needing to develop their own tools and structures. These tools are thoroughly tested and proven successful, making them much easier for hackers to deploy.
Potential entry points - could it have been prevented?
As mentioned earlier, the exact method and entry point of the attack have not yet been confirmed. However, using our cyber risk monitoring tool, Breach Check, our CEO, Andrew Martin, identified some potential vulnerabilities, significant leaked information, and hacker chatter targeting the business's digital footprint. Depending on the actual entry point, there is a good chance that with proper monitoring, indications of this attack could have been detected and either prevented or minimised.
Hacker chatter is an indication that a hacker is planning an attack. If a business is alerted in good time, it can ensure it has the right measures and defences in place by pinpointing exactly where hackers are currently targeting or planning to target.
Vulnerability scanning allows businesses to identify weaknesses that could leave them exposed, enabling them to apply patches or update systems.
Finally, it is crucial to be alerted to data leaks as soon as they occur. This gives a business the chance to update associated credentials and information or limit account access.
The importance of ongoing monitoring
Ongoing monitoring of a business’s cyber risk landscape is imperative for protection. Along with strong cybersecurity hygiene, education also plays a vital role in keeping businesses protected.
Some key cybersecurity measures to always keep in mind are:
- 2-step/multi-factor authentication
- Complex passwords
- Restricting, monitoring and regularly assessing employee access
- Endpoint protection
- Firewalls
- Anti-virus software
- Phishing awareness and education
- Regular updates
For more information on our cyber risk monitoring and management tools, refer to our product pages or get in touch with our team to learn how we can help protect your business or your customers’ businesses.