London Hospitals Delay Operations, Switch to Paper After Hack

(Bloomberg) -- Some of Britain’s most prestigious hospitals are postponing operations and are resorting to handwritten notes after a ransomware cyberattack hit a provider that helps manage blood transfusions.

Most Read from Bloomberg

• Russia Is Sending Young Africans to Die in Its War Against Ukraine

• Macron and Scholz Get Trounced by Far Right in EU Elections

• Macron Gambles on Snap French Election in Bid to Stop Le Pen

• Putin Is Running Out of Time to Achieve Breakthrough in Ukraine

• Global Markets Rattled by Europe Political Jitters: Markets Wrap

Certain procedures that rely more heavily on pathology services have been delayed, with blood testing being prioritized for the most urgent cases, the National Health Service said Wednesday. The attack on lab services provider Synnovis has chiefly affected patients using Guy’s and St Thomas’ Hospital, King’s College Hospital as well as primary care in southeast London.

Clinical staff at King’s were told that Synnovis has moved to using paper notes and is relaying test results back to wards by phone, based on a memo sent on Monday by site chief executive Julie Lowe and seen by Bloomberg News. Staff were told to contact the lab testing provider for emergency blood samples for blood transfusions only, and that there was no confirmed timeframe for the restoration of Synnovis’ IT services.

NHS England has deployed a cyber incident response team “to support Synnovis and provide emergency guidance, as well as coordinating with health services across the capital to minimize disruption to patient care,” a spokesperson said.

The full extent of the attack as well as the impact upon data is not yet known.

Umar Wali, a consultant trauma surgeon with King’s College Hospital, told Bloomberg News that most elective procedures had been canceled, but major trauma and emergency surgery was continuing.

UK public bodies have spent more than £1 billion ($1.3 billion) on lab services provided by Synnovis since 2016, according to data company Tussell.

A spokesman for the Driver and Vehicle Licensing Agency, which has used Synnovis for blood alcohol testing, said the agency has been in touch with the provider for reassurance and implemented additional security controls, but has not experienced any impact from the ransomware attack. Representatives for East Kent Hospitals University NHS Foundation Trust and East Sussex Healthcare NHS Trust also said services have not been impacted by the attack.

Synnovis didn’t immediately respond to requests for comment.

Health-Care Targets

Health-care providers globally are increasingly targeted by hackers, who lock employees out of crucial systems or threaten sensitive patient data in a high-stakes gambit for ransoms. A unit of insurer UnitedHealth Group Inc. faced a cyberattack in February that paralyzed much of the US health-care system. A gang of Russian-speaking cybercriminals targeted the Barts Health NHS Trust, whose hospitals care for about 2.5 million people, in July.

Synnovis is a partnership between the company Synlab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. This ransomware attack is the third to hit Synlab AG in the last 12 months. In June 2023, Synlab said its French branch was hit by attacker group Clop. In April this year, a cyberattack paralyzed the group’s Italian operation.

The Russian ransomware group known as Qilin appears to be behind the attack, Ciaran Martin, the former chief executive officer of the UK’s National Cyber Security Centre, told Bloomberg News. In an unusual move, the gang didn’t list Synnovis among its victims on its dark web extortion website, which disappeared from the internet Wednesday.

The reason for the disappearance wasn’t immediately clear. Such outages have occurred when ransomware gangs shift their operations to different web services, or during law enforcement actions.

Qilin previously posted 112 victim organizations, largely from the technology sector, on its website, according to the cyber firm Group-IB.

--With assistance from Jeff Stone.

(Updated to include context in third paragraph about paper notes.)

Most Read from Bloomberg Businessweek

• Legacy Airlines Are Thriving With Ultracheap Fares, Crushing Budget Carriers

• Sam Altman Was Bending the World to His Will Long Before OpenAI

• As Banking Moves Online, Branch Design Takes Cues From Starbucks

• Is There Room for Common Ground on Congestion Pricing?

• David Sacks Tried the 2024 Alternatives. Now He’s All-In on Trump

©2024 Bloomberg L.P.