Once again, the NHS has hit the headlines, and the disruption has been significant. In this month’s round-up we share further details on the latest attack on the NHS, as well as touching upon other key stories hitting the headlines in June.
NHS England has confirmed that patient data managed by blood test management organisation, Synnovis, was stolen in a ransomware attack on June the 3rd.
The Russian cyber-criminal group Qilin has released nearly 400GB of sensitive information on their darknet site. So far, NHS England assures that there is "no evidence" of test results being published, but investigations are ongoing.
The attack disrupted over 3,000 hospital and GP appointments but patients were advised to attend their appointments unless otherwise informed. Cybersecurity expert Ciaran Martin has described the attack as "one of the most significant and harmful cyber-attacks ever in the UK."
The stolen data is said to have included patient names, dates of birth, NHS numbers, and blood test descriptions, as well as business account spreadsheets detailing financial arrangements. The attack saw hackers from the Qilin gang encrypt vital information, making IT systems inoperative; they then proceeded to download private data in order to extort a ransom.
It’s said that the gang demanded a $50 million ransom, leading the UK government to consider deploying the National Crime Agency to respond.
Patients affected by the attack may face delays of up to six months for blood tests, leading some to resort to private clinics due to the long waiting periods. Nine acute or specialist NHS hospitals and various healthcare providers in southeast London, which serve 2 million people, have been severely impacted and are now limiting blood tests to only urgent cases.
The attack also forced the cancellation of 1,134 planned operations and 2,194 outpatient appointments, including 184 cancer procedures and 64 organ transplants.
NHS England is working with Synnovis and the National Crime Agency to address the issue and has set up a helpline for affected individuals. The restoration of full IT functionality is said to take time, and disruptions are expected to continue for several months.
Group 1 Automotive, which operates 202 dealerships in the US and UK, has announced that last week's cyber-attack on their software provider, CDK Global, caused significant disruption across its US operations. The attack forced dealerships in the USA and Canada to revert to manual processes for sales and repairs after CDK's dealer management systems were taken down. CDK serves around 15,000 car dealers in North America. It is said they’ve begun restoring their systems following a ransom payment to the hackers, who are believed to be based in Eastern Europe.
It’s reported that Group 1’s UK operations were unaffected, but this attack is just another example of the disruption cyber-attacks can bring to any industry. In response to the incident, Group 1 activated its cyber-incident response procedures to protect and isolate systems.
CDK is expecting full system restoration to take days rather than weeks, but the timeline for other affected applications is still uncertain.
Mark Edwards, Chief Information Security Officer at Digital Health and Care Wales (DHCW), has recently warned of increasing cyber-attacks on critical national infrastructure due to global conflicts.
Speaking at the NHS Confed Expo in Manchester on June 12, Edwards highlighted that escalations in global tensions are likely to lead to a surge in cyber assaults aimed at causing significant disruption.
He noted that these attacks will not be limited to extortion but will target system outages. This prediction follows the ransomware attack on Synnovis.
Edwards has emphasised the importance of supply chain security. Lena Samuels, Chair of the Hampshire, Southampton, and Isle of Wight Integrated Care Board, echoed these concerns, stressing the massive risks posed by supply chain vulnerabilities. She’s called for better risk management and board-level awareness to address these critical cybersecurity issues.
On the 24th June the Council of the European Union issued a press release stating that they have imposed additional restrictive measures on six individuals involved in cyber-attacks targeting critical infrastructure, state functions, classified information, and government emergency response systems within EU member states.
These sanctions mark the first time the EU has targeted cybercriminals conducting ransomware campaigns against essential services.
The new sanctions list includes two members of the ‘Callisto group,’ Ruslan Peretyatko and Andrey Korinets. This group has been behind sustained phishing campaigns designed to steal sensitive data related to state functions, including defence and foreign relations.
Other individuals sanctioned include Oleksandr Sklianko and Mykola Chernykh from the ‘Armageddon hacker group.’ This group has carried out impactful cyber-attacks on the governments of EU member states and Ukraine using phishing emails and malware.
The EU has also sanctioned Mikhail Tsarev and Maksim Galochkin, key individuals behind the deployment of the ‘Conti’ and ‘Trickbot’ malware, associated with the ‘Wizard Spider’ threat group. Trickbot’s ransomware campaigns have affected various sectors and caused significant economic damage in the EU.
The sanctions include asset freezes, travel bans, and a prohibition on EU persons and entities making funds available to those listed.
These actions highlight the EU's commitment to strengthening its response to continuing malicious cyber activities targeting the EU. Moving forward, the EU aims to work with international partners, including the UK and the US, to disrupt and respond to cybercrime, and work towards promoting a global, open, and secure cyberspace.
At Brigantia, we work with channel partners, supporting them to provide their clients with the latest information and cybersecurity products to keep businesses secure. If you’re looking for guidance on the best solutions to keep your customers protected, speak to our team.