In June last year, a Russian cybercrime gang called out BlackCat hacked the Barts Health NHS Trust, part of the UK National Health Service which operates several hospitals in London, and some of it published online in an extortion attempt.
Last month, another group called INC Ransom published a huge amount of data: worth three terabytes – from a hack of the NHS Dumfries and Galloway, an NHS board that oversees a healthcare region in Scotland.
And on Monday, hackers launched a ransomware attack on a key NHS partner, a company called Synnovis which helps manage blood transfusions and laboratory services for hospitals operating under the Guy’s and St Thomas’ NHS Foundation Trust and the King’s College Hospital NHS Foundation Trust. . The attack paralyzed services at those hospitals.
The incidents illustrate the numerous cyber security challenges facing the NHS, which delivers healthcare to the NHS The 68 million inhabitants of Great Britain through a network of 229 trusts spread across the kingdom. The system amounts to an extensive network of providers and computer systems, making the NHS the custodian of one of the richest and most comprehensive national health data sets anywhere.
Furthermore, with 1.7 million employees, the healthcare industry is one of the largest employers in the world, trailing almost by a number of metrics everyone except the American and Chinese armiesWalmart Inc. and McDonald’s Corp.
All this makes the NHS an attractive target at a time when financially motivated cybercriminals are increasingly targeting healthcare organizations and attempting to damage or disrupt their IT systems in the hope of extorting them for huge ransom payments. In addition to the recent hacks, one of the most prominent victims of the 2017 WannaCry attackinvolving an early form of ransomware that spread across the world, including disrupting services at a third of NHS trusts, including forcing the closure of several emergency departments.
Of all industries, healthcare providers were the most targeted by ransomware gangs last year, a study shows report by Cisco Systems Inc.’s Talos Threat Intelligence Division. Cisco attributed the targeting to healthcare organizations that generally have “underfunded cybersecurity budgets and a low tolerance for downtime.”
Across the Atlantic, cybercriminals have repeatedly broken into various parts of the healthcare industry, from major hospital systems to one of America’s largest health insurers. Last year the FBI received more reports of ransomware attacks in healthcare and public health than in any other of the sixteen sectors designated by the US government as critical infrastructure.
“When healthcare systems and data are unavailable, lives are potentially at risk. This makes the sector a tempting target for criminals,” Martin Lee, Cisco’s technical head of security research in Britain, wrote in an email. “Disruptions put pressure on management to reward the attackers and quickly restore availability. However, paying the ransom means these attacks remain profitable and ultimately only encourages further attacks.”
Cyber security experts say the growing number of attacks on healthcare providers – including the NHS – also shows how difficult it is to monitor not only their own security, but also that of key suppliers.
This week’s ransomware attack against Synnovis was the third in the past 12 months to hit Munich-based Synlab AG, the company that runs Synnovis together with the two London-based NHS hospital trusts. In June 2023, Synlab, one of Europe’s largest providers of medical diagnostic services and tests, said its French arm was hit by attacker group Cl0p. A cyber attack took place in April this year paralysed The group’s Italian activities.
The company described the latest attack as “an isolated incident with no connection” to the April incident in Italy. It declined to respond to other questions, saying it was still assessing the impact of the breach.
Once an organization is hacked, hackers learn the “cyber terrain,” which increases the likelihood that they can get back in later, even after the victim has cleaned up the original breach and applied more security controls, according to Brad Freeman, co-founder and director technology from the London-based cybersecurity company SenseOn. For example, if an attacker exploits a flaw in a website that is then fixed, it is likely that they and other attackers will find other, similar ways, because the original flaw could be seen as a sign of poor software development practices, he said. .
“Suppliers like Synnovis are life-critical elements of the NHS supply chain,” he wrote in an email. “This data breach highlights the difficulty of securing systems from multiple independent vendors and the potential impact on business operations,” he said.
Like their counterparts in Britain, experts say U.S. healthcare providers remain attractive targets for cybercrime because they often have limited security budgets, complex and vulnerable computer systems and a wealth of sensitive information used to make life-or-death decisions.
Targeting hospitals gives attackers leverage because doctors must quickly resolve resulting disruptions, said Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies who led a U.S. government committee studying cybersecurity.
“They immediately take care of potentially life-threatening conditions — whether it’s your MRI not working, or you can’t get data to the operating room, or you can’t get blood type information,” Montgomery said.
In 2021, a ransomware An attack on Scripps Health’s San Diego hospital network forced staff to cancel medical procedures and divert emergency patients to other hospitals. The hackers took patient records, scheduling systems and other critical systems offline San Diego Union-Tribune reported, forcing medical staff to resort to pen and paper.
Another one last year ransomware The attack hit Ardent Health Services, which operates 30 hospitals in six states, forcing them to postpone certain elective procedures and divert patients from some of its emergency rooms. Another major attack this year affected Ascension, one of the nation’s largest nonprofit healthcare systems. The Catholic hospital network had to divert ambulances, suspend elective surgeries and reschedule appointments as it worked to get its systems up and running again.
“It’s become a rinse-and-repeat goal,” said Joshua Corman, who led the strategy for the U.S. Cybersecurity and Infrastructure Security Agency’s Covid-19 response task force.
The Biden administration recently announced that it plans to require hospitals to meet minimum cybersecurity standards.
Meanwhile, other parts of the healthcare system have also been affected.
In February, hackers broke into a subsidiary of UnitedHealth Group Inc., delaying billions of dollars in payments to doctors and hospitals and leaving hackers with data on as much as one in three Americans. The insurance giant said it paid the hackers a ransom of more than $20 million to stop the release of patient data.
“When attacking life-saving infrastructure such as hospitals and healthcare centers, attackers know they will have the upper hand in any ransom negotiations,” said Adam Marrè, head of information security at cybersecurity firm Arctic Wolf.
