Healthcare’s main illness? Relying on 3rd party vendors that create a single point of failure.


On Monday 3 June, 2024, Russian ransomware group Qilin attacked Synnovis – a partnership between two London-based Hospital Trusts that provides pathology services to the UK’s National Health Service (NHS). This one attack caused significant disturbances that far exceeded the initial evaluation.

The attack crippled Synnovis IT systems, resulting in interruptions to many of its pathology services. Since Synnovis processes samples and provides blood for Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, and European medical testing giant SYNLAB, the ripple effect was enormous, affecting the hospitals under the two Trust partners, as well as South London and Maudsley NHS Foundation Trust. To date, more than 6,000 operations and appointments have been postponed at various London hospitals.

What is the cost of such an attack?

Trying to quantify the total economic impact of the attack is tricky, as we don’t yet know the cost to repair Synnovis IT systems, ransom payments, the cost of cyber IR services consumed during this time, litigation costs, insurance, etc. We can try to estimate the damage caused by the cancellation or postponement of operations. According to a 2021 report, the average cost to the NHS for an operation that needs to be rescheduled was estimated at around £4,000. This means that the cost of surgeries alone is around £24 million. In addition, the estimated cost of a day of delayed treatment to the UK economy is approximately £400 per patient. The total impact of such delays is unknown, but since the attack has been going on for a week, it can be estimated at hundreds of thousands of days, resulting in a cost of hundreds of millions of pounds to the economy.

Could it have been prevented?

As more details of the attack emerge, it seems that the associated trusts knew that Synnovis was at risk, according to documents seen by Bloomberg News. The internal documents (containing conversations between Guy’s and St Thomas NHS Foundation Trust board of directors earlier this year) noted that Synnovis (as well as other contractors) was repeatedly failing to meet data security standards, and that it was perceived as a grave cybersecurity risk to London hospitals. While the risk was identified prior to the attack, it is unknown which actions were taken internally by these hospitals or externally (for instance, by demanding that Synnovis act to improve its security systems and procedures). Perhaps if such cautionary measures had been taken, this attack would not have manifested in such a devastating manner. It is likely that the fallout from the attack will impact not Synnovis itself, but some of the London hospital officials who knew about the risk but allegedly failed to act.

On a national level, NHS England said it had invested £338m in the past seven years in improving its cybersecurity resilience, but it is unclear how much was invested in addressing 3rd party risks.

What are the lessons learned from this attack?

In an interview with the BBC, Prof. Ciaran Martin, former head of the NCSC (National Cyber Security Centre, the UK’s equivalent of CISA), said that he was horrified, but not completely surprised, since ransomware attacks on healthcare are a major global problem. He described the attack as “one of the most serious in British history”, and highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices. These three problems could be solved by migrating more IT operations to the cloud. It is the easiest and fastest way to overhaul ageing IT infrastructure and replace it with a modern technology stack. Identifying vulnerabilities in the cloud is challenging, but to a lesser extent than in on-prem systems, and, with the use of modern AI-based tools, it will become easier to quickly identify and remedy vulnerabilities. Done correctly, greater cloud adoption will also reduce the risk of 3rd party vendors down the supply chain (if these are also required to use modern, secure cloud infrastructure).

Summary

The Synnovis ransomware attack is another one in a long line of cyber attacks targeting the UK healthcare sector. Unlike previous attacks (such as the WannaCry attack of 2017), this attack managed to halt operations at several hospitals without actually infecting them. This happened due to the centralized nature of how these institutes operate. The attack emphasizes how large-scale systems can grind to a halt if they have a single point of failure. We can hope that the NHS will invest in reducing the risk from the supply chain so that such attacks with catastrophic impact will not reoccur.

How Skyhawk Security Can Help

Skyhawk Security bridges the gap between threat exposure management and threat detection and response with an automated, AI-driven approach. Our adaptive threat detection ensures continuous protection as your cloud architecture evolves, reducing the risk of third-party vulnerabilities.

  • Comprehensive Threat Detection: Using AI-powered insights to identify and respond to threats in real-time.
  • Automated Remediation: Implementing trusted automated responses to stop breaches before they impact operations.
  • Supply Chain Security: Ensuring that third-party vendors meet stringent security standards to prevent single points of failure.

 

Don’t let your organization fall victim to cyber-attacks. Contact Skyhawk Security today to learn how our advanced solutions can safeguard your IT infrastructure and ensure continuous, secure operations.
