A major ransomware attack linked to the notorious Qilin cybercrime gang has disrupted pathology services for several large NHS hospital trusts in London this week. The attack, which began on Monday, June 3rd, has locked Synnovis—a provider of lab and pathology services—out of its systems, causing widespread disruptions for patients across the city.
"On Monday 3 June, Synnovis was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services," said Mark Dollar, CEO of Synnovis, in a statement. "We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected."
Among the hospitals impacted are Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust. Officials report that some non-emergency procedures, blood transfusions, and surgeries had to be postponed or canceled as a result of the attack while urgent care is prioritized. Pathology testing has also been severely limited.
"Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases," an NHS spokesperson stated on Wednesday.
Ciaran Martin, former chief of the UK's National Cyber Security Centre, has attributed the attack to Qilin, a Russian cybercriminal group notorious for increasing attacks on healthcare, industrial, and enterprise sectors. The prolific gang has developed advanced tactics like deploying customized Linux encryptors targeting virtual machine environments.
"We believe it is a Russian group of cyber criminals who call themselves Qilin," Martin told the BBC. "They're simply looking for money. It's unlikely they would have known that they would have caused such serious primary healthcare disruption when they set out to attack the company."
The incident underscores the severe real-world impacts that can result from cyberattacks on healthcare providers and critical infrastructure entities. Ransomware attacks in particular can quickly disrupt operations by encrypting data and systems until demands are met.
As the investigation into the Qilin attack continues, London hospitals remain in emergency operating mode. Patients have been advised to attend scheduled appointments unless notified otherwise as officials work to restore impacted systems as quickly as possible.
Follow SecureWorld News for more stories related to cybersecurity.
