Three NHS hospitals in London were forced to divert ambulances and cancel operations after they were hit by a cyber attack.
The attack has so far affected several trusts in the UK capital, with Guy's and St Thomas' and King's College Hospital among those affected by the attack.
The attack is apparently impacting pathology services, according to an email from Professor Ian Abbs, chief executive of Guy's and St Thomas' NHS Foundation Trust, which was seen by Sunday weather (through Meter).
Canceled transplants and major surgeries
The letter says: “I can confirm that our pathology partner, Synnovis, experienced a major IT incident today, which is ongoing and means we are not currently connected to Synnovis' IT servers.”
The letter goes on to explain that primary care across south east London is being affected and that blood transfusions have been significantly affected by the attack. The letter also said that an incident response team is investigating the attack.
Responding to news of the attack, Trevor Dearing, Director of Critical Infrastructure at Illumio, said: “NHS systems are a prime target for cybercriminals because a small breach can impact multiple entities. This is another example of why breach containment is paramount: containing attacks at the point of entry can dramatically reduce the impact of a breach.”
“The 'chaos factor,' the act of causing mass social unrest, is now the driving force behind many cyberattacks, and healthcare is one of the few sectors where cyberattacks can fatally impact human life,” Dearing continued. .
“The fact that the attacker gained access to the network through a third-party IT provider is not a surprise. “Many healthcare organizations rely on these systems to function and, as seen in the attack on Capita IT, when these providers are affected it can have widespread repercussions.”
“This is another example of the importance of supply chain security and why hospitals must ensure that security controls extend to their third-party software providers. Cybercriminals will always look for the weakest link to gain access to more valuable systems. That is why it is important to implement a Zero Trust approach. Relying on the mantra of “never trust, always verify,” healthcare organizations can tightly control access to critical systems and prevent unauthorized entities from accessing them,” Dearing concluded.
The attack, believed to have occurred on Monday, comes weeks after NHS England released data showing that the UK public has no confidence in NHS cybersecurity at all.