A week after a cyberattack hit two major hospital trusts in London, the NHS is urgently appealing for O-blood donors, as it has not yet fully recovered from the incident.
The ransomware attack, allegedly perpetrated by Russian hacker group Qilin, targeted the pathology service provider Synnovis on Monday 3 June, which operates at King’s College Hospital, Guy’s Hospital, St Thomas’ Hospital, Royal Brompton Hospital, and Evelina London Children’s Hospital.
The cyberattack has significantly impacted blood transfusion services, prompting NHS Blood and Transplant to issue an urgent appeal for O-negative blood donors on Monday. O-negative blood is crucial in emergencies as it can be used universally without needing the recipient’s blood test results, which are now largely inaccessible due to the IT incident.
With such attacks increasingly targeting the global health sector, Microsoft announced on Monday that it would launch a cybersecurity program to help rural US hospitals defend themselves from such threats.
Why are hospitals – and the NHS – a top target for cyberattacks?
The ongoing attack on the NHS is proving it again, hospitals are an ideal prey for ransomware attacks. In fact, the risks healthcare providers encounter when their services aren’t operative are potentially vital for patients, meaning they rarely have time to resort to alternative options (such as ransomware decryptors) and have to pay the ransom asked by attackers to retrieve access to their IT services quickly.
Perhaps unsurprisingly then, the number of ransomware attacks on the healthcare sector worldwide is increasing yearly. According to the US government’s Cyber Threat Intelligence Integration Center (CTIIC), worldwide ransomware attacks against healthcare providers have “steadily increased and nearly doubled since 2022, reaching a total of 389 claimed victims in 2023 compared with 214 in 2022”.
Not only is healthcare data powerful material for ransomware gangs, but it is also valuable on the black market. In 2019, Ernst & Young reported that NHS data held in 55 million patients’ records was worth £9.6bn a year, making it a coveted target for hackers.
How are the UK and the US defending against cyberattacks on hospitals?
Given the growing cyber threat on hospitals and the healthcare sector in the UK and globally, the British government set out a strategy to protect the NHS against cyberattacks in March 2023. The plan aims at building “cyber resilience in health and care by 2030”, by ensuring “continued services across an increasingly digitised sector,” protection of “valuable personal data”, and building of “patient and service user trust.”
Microsoft announces cybersecurity program to support rural hospital
Similar efforts have also been announced on the other side of the Atlantic. On Monday, Microsoft said it collaborated with the White House, the American Hospital Association and the National Rural Health Association to develop a new cybersecurity program that supports rural hospitals in the US, which Microsoft said are among the “top targets for cyberattacks”.
As part of this initiative, the tech giant will provide its products and solutions to rural health facilities for reduced prices (up to 75% discount) or at no cost for one year. “Cyber-attacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans’ access to critical care,” said Anne Neuberger, Deputy National Security Advisory for Cyber and Emerging Technologies.