Fraud Management & Cybercrime , Ransomware , Standards, Regulations & Compliance
NHS Ransomware Hack: 1,500 Medical Appointments Rescheduled
Hospitals Says Restoring the Affected IT Systems Will Take WeeksThe ransomware attack on a key U.K. National Health Service IT vendor has forced two London hospitals to reschedule around 1,500 medical appointments including critical cancer treatments and organ transplant surgeries.
The June 3 attack is disrupting operations at NHS King's College and Guy's and St. Thomas' in London. Attackers compromised servers of Synovia, the main pathology services vendor to the two hospitals (see: UK Vendor's Attack Disrupts Care at London NHS Hospitals).
The attack severely disrupted hospital services including blood testing at King's College Hospital, forcing the facility to temporarily prioritize patients with urgent needs. NHS Blood and Transplant called on O positive and O negative blood donors to book appointments with the 25 NHS Blood Donor Centers to boost blood supplies in the wake of the hack.
In an update on Friday, NHS England said more than 800 planned operations and 700 outpatient appointments had to be rescheduled following the attack. These included nearly 100 scheduled cancer treatments and 18 organ transplant surgeries.
"Having treatment postponed is distressing for patients and their families," said Dr. Chris Streather, medical director, NHS London. "There is no doubt the ransomware cyberattack on Synnovis is having a significant impact on services in south east London, with hundreds of appointments and procedures being postponed."
Synnovis did not immediately respond to a request for comment by Information Security Media Group. In its Friday update, NHS England said the IT provider is "focused on the technical recovery of the system" at the moment. Complete restoration of affected systems is expected to take months.
"We expect disruption to be felt for some time," Streather said.
Despite the U.K. government acknowledging the threat ransomware poses to the country, ransomware and cybersecurity have been a low priority in terms of policy intervention for British political parties ahead of the election.
The election manifestos of the Conservative, Labor and Liberal Democrat parties have stressed the need to make additional investments in the NHS. But their support mainly focuses on improving the medical services offered by NHS hospitals.
"Cybersecurity doesn't affect people in the way that, for instance, threat of street violence or the fear of street violence does. The cybercrime that affects most individuals is fraud, and the government and banks are doing a good job addressing it," said David Wall, professor of criminology at the University of Leeds.
Wall said that the government has been treading a "thin political tightrope" to address threats such as ransomware that originates from oversees actors.
"In terms of hacking, the main concern is from attackers who are in countries where English is not the dominant language. It's a different issue if the victims are inside the country," Wall said.