Rishi Sunak
Prime Minister Rishi Sunak announces the 2024 general election on May 22 outside 10 Downing Street. Credit: Lauren Hurley / No10 Downing Street

UK election campaigns ignore London hospitals cyberattack despite disruption

Cybercriminals believed to be based in Russia disrupted healthcare at several hospitals in London this week — yet the attack barely registered for the United Kingdom’s major political parties amid an ongoing election campaign.

Following the ransomware attack against Synnovis, a business providing pathology services to a number of healthcare organizations in London, a critical incident — an emergency status — was declared. Many patients either had their appointments canceled or were redirected to other hospitals which then had to handle the increase.

Despite the real-world impact of the cyberattack, and extensive media coverage, the lack of attention from major parties is indicative of cybersecurity’s standing within British politics.

Incumbent Health Secretary Victoria Atkins made a single post on social media announcing having meetings about the financially-motivated incident, stressing her priority was patient safety. Wes Streeting, her opposition counterpart and likely successor considering the Labour Party’s lead in the polls, didn’t mention the attack at all.

So far, the election campaign in Britain has seen the incumbent Conservative Party focus on its national security credentials — although it is open to criticisms on this front, particularly around ransomware. Parliament’s national security committee has robustly criticized the government’s approach to tackling the threat. Despite this, the opposition Labour Party has not mentioned the Synnovis attack, or ransomware more generally, at all.

Why?

Tim Stevens, the head of the cybersecurity research group at King’s College London (KCL), told Recorded Future News it struck him that cyber “had always been a de-politicised” issue in the United Kingdom, for what he thought were two or three reasons.

The first is that cybersecurity “conventionally has been seen as too difficult to engage with on a political level because it's technical and it's difficult to understand.” 

“This leads to point two, which is ‘we’ll leave it to the technical folks’ to sort out at a sub-policy level, as an operational issue rather than a strategic one,” he said. “So it’s low politics if you like, rather than high politics.”

Stevens said that reading through parliamentary debates on cybersecurity revealed “almost no difference, left or right, about what the emphasis should be.” 

“These debates are purely seeing it as a technocratic, operational, technical issue that has to be resolved by engineers rather than something that has a political dimension,” he said.

Jamie MacColl, a research fellow at the Royal United Services Institute, observed that in Britain the political environment stands in stark contrast to that in Washington when it comes to cybersecurity.

“It's very interesting to me how de-politicised cybersecurity is in the United Kingdom, compared to the United States in particular. I feel like in the U.S. there are members of Congress and the Senate that are genuinely quite interested in cybersecurity, and intelligence as well, and are prepared to make it political,” MacColl said. 

Joseph Devanny, a lecturer at KCL's Department of War Studies, said that since taking charge of the opposition Labour Party leader Keir Starmer had made “a very clear, consistent effort to present the Labour Party as essentially being very sound and centrist on issues of national security.” 

“So you would expect, in that context, Labour to be seen to take cybercrime seriously as a top national security priority,” he said.

“Applying the Conservative approach to Labour in the campaign context, you might expect the Conservatives to take any opportunity to show Labour as soft on national security — except this would draw attention to the fact that our current approach to countering cybercrime doesn't appear to be working either,” he said.

The attack on Synnovis and the disruption to hospitals in London was covered by all of the country’s major national news organizations, and particularly stressed were the links of the suspected offending ransomware group Qilin to the Russian Federation.

Stevens said that even while there were relatively uncontested debates taking place in parliament, politicians “could have stepped outside of the House of Commons chamber or the House of Lords and looked at the newspaper, or listened to the statements from GCHQ or the Ministry of Defence about threat levels.”

Instead, there appeared to be two conversations happening in parallel — “a huge disconnect between the everyday technocratic approach to cybersecurity and then all these people talking about it as a strategic issue,” said Stevens.

“Somewhere in the middle there's a lack of national policy formulation coming through in debates, discussion. It's always taken as read that this thing is just what it is and it's not worthy of discussion — it's worthy of doing something about it — but there's no real divergence on both sides of the aisle... If it's not a political issue in a kind of competitive sense, it's not going to be an electoral issue.”

According to MacColl, the Conservative Party's focus on national security made the attack an opportune moment to be talking about cybersecurity “if they thought that it was an important issue,” but “perhaps it's also something that the public is not very interested in.”

“Fundamentally, until there is a major incident — and I guess this incident has not reached that threshold — it's just not going to get the coverage or the political will it deserves,” said MacColl.

Katharina Sommer, the head of government affairs at cybersecurity business NCC Group, citing her company's recent Digital Dawn report on cyber policy during political transition, said “public opinion polling consistently shows that people are worried about cybersecurity and that they do want governments to keep them safe in cyberspace.” 

“So there is a clear imperative or a public demand for the government and politicians to do more about it,” she said.

What more can be done?

There have been very few political criticisms of the government’s approach to cybersecurity outside of those made by the Joint Committee on the National Security Strategy. One of the committee’s members, Lord Dannatt — the former head of the British Army — was among those who called on the government to to get on the “forward foot” with ransomware instead of “absorbing the punches,” in an examination of the government’s approach by Recorded Future News.

Officials in Westminster were urged to put more money behind operations to disrupt ransomware gangs amid an increase in attacks instead of its ongoing priority focus on resilience — encouraging organizations to improve their cybersecurity, and to prepare to recover quickly if a compromise does occur. But this solution isn’t necessarily agreed upon by the opposition.

“There's still the question about whether that increase in priority and increasing operational effort can do much more than mount a kind of a whack-a-mole defense: cybercriminals will keep coming back, you can take out one group and that just leaves space for another group to ramp up its operation. So it's a pretty frustrating policy problem which would face any party in government,” Devanny said.

“There is no evidence that Labour has such a plan,” he added, noting that it wouldn’t necessarily be expected to come into government with one. “And I think in part that's a recognition that in government they would have the same levers that the Conservatives have had in government, but will need to reflect on whether they can use those levers more effectively.”

While there is room for opposition parties to criticize the government approach, there could be political blowback for the Labour Party if it were to focus on the issue too much “given that it essentially expects to be the party of government in a month's time,” he said.

“Calibrating the way in which the Labour Party holds the government to account, in light of the fact that the same yardstick could very well be applied to them very soon, I think that might be prompting a more cautious public response,” Devanny said.

Stevens concurred: “Once you make it a political issue, if you don't fix it, it can come back and bite you on the ass."

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.