Almost 200 cancer operations postponed as ransomware group publishes London hospitals data
The hackers behind the cyberattack disrupting healthcare across London have published patients’ stolen data online, as the National Health Service confirms more than 1,100 operations in total — almost 200 of them relating to cancer treatments — have been postponed due to the incident.
Health service staff have been “coordinating work across affected services, as well as with neighbouring providers and national partners to manage disruption,” stated NHS England, although it is feared the disruption could last until September.
Earlier this month, the cyber extortionist gang Qilin hit Synnovis, a business providing pathology services for hospitals and local clinics in the capital. It caused major disruption to services, forcing NHS England London to declare a regional critical incident.
After listing Synnovis on their darknet site this week, Qilin has released more than 100 compressed files over Telegram it claims contain sensitive information captured from the pathology company’s systems. The move is intended to punish the business for refusing to pay the group a ransom fee.
In a statement NHS England said it “has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.
“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible. This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.”
Impact on healthcare
Alongside the release of patient data the attack on Synnovis is continuing to impact healthcare services in London, although staff are working to overcome these challenges. Blood tests, which were initially operating at approximately 10% of normal capacity, have now risen to 30% due to help provided by other NHS laboratories.
Medical students have also been asked to volunteer to work extra-long shifts, up to 12 hours at time, to help the affected hospitals. The volunteers were warned they “should be prepared for extended periods on their feet.”
Last week, the health service issued an urgent call for O-type blood donations because the incident meant “hospitals cannot currently match patients’ blood at the same frequency as usual,” meaning providers were instead relying on their stocks of universal donor blood. The request for blood donations is still standing, officials said on Friday.
According to NHS England, between the attack on June 3 and the latest available figures running up to June 16, more than 1,134 planned operations have been postponed, including 184 cancer treatments, alongside 2,194 outpatient appointments.
The health service said it was too early to see what impact the delayed operations might have on its key performance indicators for cancer. It added that in total, 64 organs have now been diverted away from the affected hospitals to be used by other NHS Trusts.
The majority of the postponements occurred in the first week following the incident, with fewer disruptions recorded last week.
Dr. Chris Streather, the medical director for NHS London, said: “Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact.
“Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible,” said Streather.
“Mutual aid agreements between NHS labs have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.”
It comes as every household in the Scottish region of Dumfries and Galloway has received letters this week warning them that cybercriminals are likely to have published medical data about them stolen from NHS Scotland in a ransomware attack in February.
Despite the impact of these two ransomware incidents affecting healthcare organizations during the United Kingdom’s ongoing general election campaign, neither attack has received much attention from political parties.
While there has been much criticism of the government’s approach to tackling the ransomware crisis from Parliament’s national security committee, experts told Recorded Future News the issue did not appear to be one that any of the opposition parties felt comfortable challenging the government about.
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.