Five London hospitals had to cancel operations and divert incoming ambulances as a result of a cyber attack on Guy's and St Thomas' NHS Foundation Trust in June 2024.
Since then, several hundred operations have been postponed or rescheduled, and the NHS has asked O-negative blood donors to donate in a nationwide effort.
It has now been discovered that the affected hospitals had known about the vulnerabilities exploited by hackers for several years, according to documents reviewed by Bloomberg News.
Vulnerabilities known for years
According to the documents, which include publicly available information about board meetings, Guy's and St Thomas NHS Foundation Trust frequently failed to comply with data security standards, and the board questioned risks posed to hospitals' IT systems. and its third parties. supply chain in January 2024.
In the attack that took place in early June, attackers targeted Synnovis, the trust's pathology services provider, forcing hospitals to rely on handwritten records and postpone a number of medical procedures.
In minutes taken from the meetings, the board implemented a series of IT modernization programs to increase the trusts' cybersecurity capabilities, and a meeting in January this year praised the IT infrastructure across the trust was “configured to a good standard”, but concerns were continually raised about third-party interfaces, including Synnovis.
The attack has been attributed to a Russian ransomware group identified as Qilin, which has emerged as a cross-industry ransomware threat since 2022. Hospitals are increasingly becoming a favorite target for ransomware gangs thanks to their sensitive medical data. and its wide range of third-party equipment. providers, which provide a large attack surface.
Speaking about the attack, Mark Dollar, CEO of Synnovis, said: “We take cybersecurity very seriously at Synnovis and have invested heavily to ensure our IT systems are as secure as possible. “This is a harsh reminder that this type of attack can happen to anyone at any time and that, unfortunately, the people behind it have no qualms about who their actions could affect.”