Two hospital trusts in London have been hit by a “major IT incident” in what appears to be the second most serious NHS cyberattack of this year. King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust have seen several primary services impacted. As such, this has led to the curtailing of vital procedures, including blood transfusions, and the cancellation or reassignment of several operations.

“The staff on the ward didn’t seem to know what had happened, just that many patients were being told to go home and wait for a new date,” one patient told PA Media. “I’ve been given a date for next Tuesday and am crossing my fingers.”

NHS cyberattack could have ransomware links

The incident is believed to have begun on Monday when staff at the affected trusts complained of being unable to access relevant servers. The cyberattack itself appears to have targeted Synnovis, a pathology service provider formed out of a collaboration between King’s College and Guy’s and St. Thomas’ NHS trusts. Sources speaking to the Health Service Journal stated that the impacted systems were victims of a ransomware attack. Meanwhile, staff told Sky News that doctors overseeing emergency blood transfusions were being forced to record their notes exclusively on pen and paper. 

If ransomware is involved, it would be the second major NHS cyberattack of this year. In March, hackers from the INC Ransom collective threatened to release patient data it had stolen from NHS Dumfries and Galloway. The trust later confirmed that the data being offered for sale by the group was genuine. “NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patents whose data has been published, and the general anxiety which might result within our patient population,” said its health board chief executive, Jeff Ace. 

Hospitals tempting targets for ransomware criminals

Healthcare institutions remain juicy targets for ransomware gangs, said Martin Lee, Cisco’s technical lead of security research, with hackers believing the consequences of their actions likely to accelerate quick returns for their efforts. “Outages apply pressure on management to pay off the attackers to restore availability quickly,” argued Lee. “However, paying the ransom means that these attacks remain profitable and ultimately only serve to encourage further attacks.”

Warding off future attacks requires a strategy of reliance on the part of healthcare providers, added Lee. That, he elaborated, requires “blocking as many attacks as possible, quickly identifying when attackers have gained access to systems – and responding swiftly to eject attackers and restore functions if attacks do succeed.”