Ransomware attack ravages the British healthcare system

London's Air Ambulance MD Helicopters MD-902 Explorer G-EHMS. Bild von Tony Hisgett via flickr.com. Lizenz: Creative Commons

A ransomware attack by the Russian group Qilin has hit hospitals in Southeast London, causing disrupted operations and postponed appointments. To make matters worse, the hackers are now releasing personal patient data.

On June 3, a severe ransomware attack struck several hospitals in Southeast London. The healthcare sector was significantly impacted for over two weeks, resulting in more than a thousand surgeries and even more consultations being canceled.

The victim of the attack was Synnovis, a pathology service provider for the NHS, the UK’s healthcare system, which analyzes around 100,000 blood samples daily. Consequently, numerous hospitals in South London, as well as clinics throughout the city, faced severe restrictions. Internal sources described it as a „critical incident“ that greatly limited various services, especially blood transfusions.

Systems are now back up and running. However, the worst is yet to come. The hackers from the Russian ransomware gang Qilin, also known as Agenda, demanded £40 million in Bitcoin to keep sensitive data confidential. The ransom was apparently not paid, as the hackers have now published 400 gigabytes of patient data, including birthdates and blood test results, some for HIV and cancer. The NHS is currently verifying the authenticity of the data, a process that could take weeks due to its complex nature. As there are no backups of the test results, thousands of patients will need to be retested.

The Qilin hacker group has been operating since October 2022 using the „Ransomware-as-a-Service“ model: they provide other hackers with the malware and the infrastructure needed to collect ransoms, allowing these hackers to do the legwork of infiltrating the victims‘ systems. In return, Qilin gets a share of the proceeds. This division of labor has developed in the ransomware industry over the past few years and is being closely monitored by security experts with great concern.

Healthcare providers have proven to be lucrative targets, often due to outdated computer infrastructure that makes them easy prey. Additionally, because the consequences can be life-threatening, high ransoms can be coerced.

Only in February of this year did the USA witness the most severe attack in the healthcare sector, with the hacking of Change Healthcare. The attack disrupted billing and information systems nationwide. Although Change Healthcare paid $22 million in Bitcoin to the Russian ransomware hackers ALPHV (also known as „BlackCat“), the aftermath revealed dire consequences.

Due to the hacking, the billing systems in the US healthcare sector were often disrupted, causing doctors and pharmacists to suffer significant losses due to unpaid or delayed prescriptions. The parent company of Change Healthcare, UnitedHealth Group, allocated $2 billion to mitigate the fallout, but these funds have since been exhausted without resolving all the financial issues stemming from the hack. The case is now also being litigated in court, with 49 lawsuits already filed at the Federal Court of Minnesota, accusing Change Healthcare of negligence in data security. As the saying goes, when it rains, it pours…

The ongoing ransomware attacks on the healthcare system have become a serious threat. Clinics and service providers can undoubtedly make their systems more secure, but the price they pay is often reduced flexibility and increased ongoing effort. Therefore, future attacks are likely, especially considering that hackers may soon use generative AI to carry out even more sophisticated social engineering attacks. That these attacks frequently originate from Russia, providing it with foreign currency through Bitcoin ransoms while simultaneously weakening the West, and that the Russian intelligence service apparently collaborates with the hackers, does nothing to reassure the public.