Ransomware Assault on NHS: A Deep Dive into the Synnovis Data Breach

The latest attack

In a recent update from NHS England, it was confirmed that patient data managed by the blood test management organisation Synnovis was stolen in a cyber-attack on Monday 3rd June. This breach was carried out by Qilin, a Russian cybercrime group, who subsequently shared nearly 400GB of private data on their darknet site the following Thursday, aiming to extort money from Synnovis. Qilin demanded $50 million from Synnovis; unsurprisingly, Synnovis didn’t pay the requested ransom.

The ripple effects of this cyber-attack were significant, with serious disruptions to services being experienced across seven NHS hospitals run by two separate NHS trusts. More than 3,000 hospital and GP appointments were thrown into chaos as a direct result.

The hackers executed the breach by injecting malware into Synnovis’s IT system. This software locked the entire computer system, with a ransom demanded in exchange for regaining control and removing the ransomware. The stolen data, as seen by the BBC, included sensitive patient details such as names, dates of birth, NHS numbers, and descriptions of blood tests. The hackers also obtained business account spreadsheets, detailing financial transactions between hospitals, GP services, and Synnovis.

Disturbingly, this is not an isolated incident for Synlab, the parent company of Synnovis, as they’ve experienced a total of three significant cyber security breaches in the past year. In June 2023, a ransomware gang named Clop hacked the company’s French branch, shortly after Synlab hit the news for a breach impacting payroll providers for companies including British Airways, Boots, and the BBC.

The series of security breaches is a clear indication that the healthcare industry needs to increase its focus on safeguarding data. Maintaining the trust of patients and ensuring the security of sensitive information must be top priorities.

What is a Ransomware Attack?

Ransomware is a form of harmful software that infiltrates server computers, desktops, laptops, tablets, and smartphones. It typically spreads through networks onto other devices. When breaching a system, it surreptitiously encrypts every data file within its reach, then displays a ransom message to the user, insisting on an online payment varying from hundreds to thousands of pounds (usually requested in a cryptocurrency like Bitcoin). This is in exchange for the decryption keys required to recover the user’s locked files. The demand generally specifies a series of payment deadlines. Each deadline that passes without payment results in a heightened ransom demand and, frequently, the deletion of files. If the user fails to surrender the demanded amount, the attacker discards the decryption keys, rendering the data permanently inaccessible. Unfortunately, 90% of the time, even if you pay, you don’t get the decryption key. In most scenarios it is simply a scam. On the other hand, in the case of Synnovis, the hacking group did have the key, and if Synnovis had paid, it likely could have got its data back.

Why is the NHS targeted so frequently?

The National Health Service (NHS) faces serious cyber-attacks continuously, with hackers targeting it time after time. The key obstacle that the NHS faces is its lack of adequate funding needed to bolster its systems and, as a result, its defences. This poses a significant risk as health records are a veritable goldmine for cyber criminals. Cyber criminals can procure this information and sell it on the black market for a large amount of money, making the health sector a prime target for cyber-attacks.

Hospitals hold endless amounts of confidential patient data, which can range from medical histories to personal identifiers. This level of comprehensive information is highly valuable to hackers who can leverage this wealth of knowledge for sinister purposes. This necessitates that hospitals amplify their efforts to keep their information safe, a task made all the more important in light of rules such as the General Data Protection Regulation (GDPR). These regulations mandate that patient information be kept as secure as possible, with severe penalties for failure to comply. That being said, keeping security systems up to date is especially difficult for the NHS. This is because it can’t just turn off its systems to perform updates: its servers must be kept on 24/7 or else people can’t be treated. Alongside this, the NHS doesn’t have the budget for the kind of redundancy that would stop downtime from affecting doctors.

Within healthcare, technological advancements are a double-edged sword. New medical technology such as state-of-the-art imaging machines, insulin pumps, and heart defibrillators significantly improves patient care, but it also potentially widens the window of vulnerability to cyber-attacks. In worst-case scenarios, a skilled hacker might even gain control over a medical device, putting patient lives at risk and hindering hospitals’ life-saving efforts.

Cybercriminals understand that these medical devices do not store patient data directly. However, they are effective soft targets due to their often less robust security compared to other networked devices such as laptops and computers. This equipment provides hackers with a gateway to other devices on the network or enables them to deploy damaging ransomware.

Furthermore, the NHS workforce, already under massive pressure, wrestles with back-breaking hours and demanding deadlines. Incorporating cyber security protocols into their strenuous workload is a nonstarter. Alongside this, medical professionals do not necessarily have the expertise to recognise and mitigate online threats. It is imperative, therefore, that any security measures introduced are streamlined and blend seamlessly with the current software, and that cyber security best practices be taught to staff to limit security risks and to reduce strain on the workforce.

If you want to better protect your organisation’s sensitive data against attacks, contact Intercede today and arrange a free audit to identify your weaknesses and book in for a demo of MyID PSM and MyID MFA to see how we can protect you going forward.

 
