Qilin Ransomware Group Behind the Synnovis Cyberattack

by

The Qilin ransomware group responsible for an attack that has upset healthcare services throughout London has added Synnovis, a pathology services provider for NHS hospitals, to its darknet leak site. The ransomware attack at the beginning of June on Synnovis resulted in major interferences to services, particularly blood testing. This latest action of Qilin suggests that its $50m (£40m) ransom demand payment had been ignored by the victim.

The Qilin group early on threatened to leak the information stolen from Synnovis. Now, the National Crime Agency (NCA) is considering the likelihood of retaliating against Qilin for exposing highly sensitive NHS records, including blood test data and other protected health data, on its leak site on June 19, 2024.

The attack has prompted significant service disruption for hospitals managed by King’s College Hospital Foundation Trust and Guy’s and St Thomas’ Foundation Trust. Qilin attacked Synnovis, which has partnered with NHS and provides pathology services like blood transfusions and blood tests. Evelina London Children’s Hospital, Royal Brompton Hospital, and other care sites located in six London boroughs, namely Bexley, Bromley, Lewisham, Greenwich, Southwark, and Lambeth were affected. The attack had a bigger impact than earlier thought as it also affected the Maudsley (Slam) trust, the biggest mental health services provider in the country, and GP surgeries all across South London.

Two NHS trusts had to re-schedule 1,134 operations, which included 97 cancer treatments and 18 transplant surgeries. 2,194 outpatient meetings within 13 days after the attack had been canceled. The health service had to issue an emergency call for O-type blood donations because hospitals could not match patients’ blood as quickly as usual since the cyberattack happened and had to use stocks of universal donor blood.

Because of the critical condition at the affected hospitals, medical students were instructed to do volunteer work up to an extra 12 hours to help the impacted hospitals. A memo was posted on social media stating that the ripple effect of this cyber attack is felt throughout different hospitals, communities, and mental health solutions in the region.

Medical director Dr. Chris Streather of NHS London mentioned that NHS teams are working hard to treat the most number of patients. However, the ransomware cyberattack on Synnovis has impacted services in south east London, with hundreds or thousands of scheduled consultations and procedures canceled, and it is expected to be felt for a longer time. Streather expressed apologies to all who were affected. The staff will re-schedule appointments and operations as soon as possible.

Synnovis is working with the Cyber Operations Team and the National Cyber Security Centre to recover from the attack but cannot yet say when everything will be back to normal.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone