On Monday 3 June 2024, the Russian ransomware group Qilin attacked Synnovis, a partnership between two London-based hospital trusts that provides pathology services to the UK’s National Health Service (NHS). This single attack caused disruption that far exceeded the initial evaluation.
The attack crippled Synnovis IT systems, interrupting many of its pathology services. Because Synnovis processes samples and provides blood for Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, and European medical testing giant SYNLAB, the ripple effect was enormous, affecting the hospitals under the two trust partners as well as South London and Maudsley NHS Foundation Trust. To date, more than 6,000 operations and appointments have been postponed at various London hospitals.
What is the cost of such an attack?
Quantifying the total economic impact of the attack is tricky, as we don’t yet know the cost of repairing Synnovis IT systems, ransom payments, the cyber IR services consumed during this time, litigation, insurance, etc. We can, however, estimate the damage caused by the cancellation or postponement of operations. According to a 2021 report, the average cost to the NHS of an operation that needs to be rescheduled was estimated at around £4,000. Applied to the more than 6,000 postponements reported so far, this puts the cost of surgeries alone at around £24 million. In addition, the estimated cost to the UK economy of a day of delayed treatment is approximately £400 per patient. The total impact of such delays is unknown, but since the attack has been going on for a week, it can be estimated at hundreds of thousands of days, resulting in a cost of hundreds of millions of pounds to the economy.
Could it have been prevented?
As more details of the attack emerge, it seems that the associated trusts knew that Synnovis was at risk, according to documents seen by Bloomberg News. The internal documents (containing conversations among the Guy’s and St Thomas’ NHS Foundation Trust board of directors earlier this year) noted that Synnovis, as well as other contractors, was repeatedly failing to meet data security standards, and that this was perceived as a grave cybersecurity risk to London hospitals. While the risk was identified prior to the attack, it is unknown which actions these hospitals took internally or externally (for instance, by demanding that Synnovis improve its security systems and procedures). Perhaps if such cautionary measures had been taken, this attack would not have manifested in such a devastating manner. It is likely that the fallout from the attack will land not on Synnovis itself but on some of the London hospital officials who knew about the risk but allegedly failed to act.
On a national level, NHS England said it had invested £338m in the past seven years in improving its cybersecurity resilience, but it is unclear how much of that was invested in addressing third-party risks.
What are the lessons learned from this attack?
In an interview with the BBC, Prof. Ciaran Martin, former head of the NCSC (National Cyber Security Centre, the UK’s equivalent of CISA), said that he was horrified but not completely surprised, since ransomware attacks on healthcare are a major global problem. He described the attack as “one of the most serious in British history” and highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices. These three problems could be solved by migrating more IT operations to the cloud. It is the easiest and fastest way to overhaul ageing IT infrastructure and replace it with a modern technology stack. Identifying vulnerabilities in the cloud is challenging, but less so than in on-prem systems, and with the use of modern AI-based tools it will become easier to quickly identify and remedy vulnerabilities. Done correctly, greater cloud adoption will also reduce the risk from third-party vendors down the supply chain (if these are also required to use modern, secure cloud infrastructure).
Summary
The Synnovis ransomware attack is another in a long line of cyber attacks targeting the UK healthcare sector. Unlike previous attacks (such as the WannaCry attack of 2017), this attack managed to halt operations at several hospitals without actually infecting them. This happened because of the centralized way these institutions operate. The attack emphasizes how a large-scale system can grind to a halt if it has a single point of failure. We can hope that the NHS will invest in reducing supply chain risk so that attacks with such catastrophic impact do not recur.
How Skyhawk Security Can Help
Skyhawk Security bridges the gap between threat exposure management and threat detection and response with an automated, AI-driven approach. Our adaptive threat detection ensures continuous protection as your cloud architecture evolves, reducing the risk of third-party vulnerabilities.
- Comprehensive Threat Detection: Using AI-powered insights to identify and respond to threats in real time.
- Automated Remediation: Implementing trusted automated responses to stop breaches before they impact operations.
- Supply Chain Security: Ensuring that third-party vendors meet stringent security standards to prevent single points of failure.