With over 1.7 million employees, the U.K.’s NHS has become a ‘rinse-and-repeat target’ for cybercriminals—disrupting services and risking lives

Last month, a different group, called INC Ransom, published a massive data set – Three terabytes worth – Executed from hacking NHS Dumfries and Galloway, the NHS governing body that oversees a region in Scotland for the health service.

On Monday, hackers launched a ransomware attack against a key NHS partner, a company called Synnovis that helps manage blood transfusions and laboratory services for hospitals operating under Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust. . attack Services are down In those hospitals.

These incidents highlight the many cyber security challenges facing the NHS, which provides care to patients The population of the United Kingdom is 68 million Through a network of 229 trust It spread throughout the kingdom. The system amounts to a vast network of providers and computer systems that make the NHS custodians of one of the richest and most comprehensive national health data sets anywhere.

In addition, with 1.7 million workers, the health service is one of the world's largest employers, by some measures behind nearly All except the US and Chinese militariesWalmart Inc. and McDonald's Corporation.

All of this makes the NHS an attractive target at a time when financially motivated cybercriminals are increasingly targeting healthcare organizations and seeking to damage or disable their IT systems in the hope of extorting them into paying huge ransoms. In addition to the recent hacks, the health service was one of the most prominent victims of the hack 2017 WannaCry attackwhich involved an early strain of ransomware that spread around the world including disrupting services in a third of NHS trusts, including forcing the temporary closure of many emergency rooms.

Of all industries, healthcare providers were the most targeted by ransomware gangs last year, according to a a report By Talos Threat Intelligence Division of Cisco Systems Inc. Cisco attributed the targeting to healthcare organizations in general that suffer from “underfunded cybersecurity budgets and low ability to tolerate downtime.”

Across the Atlantic, cybercriminals have repeatedly broken into various parts of the healthcare industry, from major hospital systems to one of America's largest health insurance companies. Last year, the F.B.I More reports There are more ransomware attacks in healthcare and public health than in any of the other 16 industries identified by the US government As vital infrastructure.

“When healthcare systems and data are not available, lives are potentially at risk. This makes the sector a tempting target for criminals,” Martin Lee, technical director of security research at UK-based Cisco, wrote in an email. The electrician is pressuring management to pay the attackers to quickly restore availability. However, paying the ransom means that these attacks remain profitable and ultimately only encourages further attacks.

Cyber ​​security experts say the growing number of attacks against healthcare providers – including the NHS – also highlights the difficulty of monitoring not just their own security, but that of key suppliers as well.

This week's ransomware attack against Synnovis was the third attack in the past 12 months to hit Munich, Germany-based Synlab AG, the company that runs Synnovis with two NHS hospitals in London. In June 2023, Synlab, one of the largest providers of medical diagnostics and testing services in Europe, said its French subsidiary had been attacked by the Cl0p attack group. In April this year, a cyberattack occurred paralyzed Italian group operation.

The company described the latest attack as an “isolated incident unrelated” to the one that occurred in April in Italy. She declined to answer further questions and said she was still trying to assess the impact of the hack.

Once an organization is compromised, hackers know its “cyber terrain,” which increases the chances they will be able to return later, even after the victim has cleaned up the original breach and implemented more security controls, according to Brad Freeman. , co-founder and CTO of the London-based cybersecurity company SenseOn. He said that if an attacker exploited a vulnerability in a website that was then patched, for example, he and other attackers would likely find other similar ways, as the original flaw could be seen as a sign of poor software development practices. .

“Suppliers like Synnovis are vital elements of the NHS supply chain,” he wrote in an email. “This data breach demonstrates the difficulty of securing systems from multiple independent vendors and the potential impact on operations,” he said.

Like their U.K. counterparts, experts say American health care providers remain attractive targets for cybercrime because they often have limited security budgets, complex and vulnerable computer systems, and troves of sensitive information used to make life-or-death decisions.

Hitting hospitals gives attackers leverage because doctors have to resolve subsequent disruptions quickly, according to Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies who led a U.S. government panel studying cybersecurity.

“They immediately present potentially life-threatening situations — whether your MRI doesn't work, or you can't transmit data to the surgical suite, or you can't get information about your blood type,” Montgomery said.

In 2021, A.J Ransomware The attack on the Scripps Health hospital network in San Diego forced staff to cancel medical procedures and transfer emergency patients to other hospitals. Hackers took patient records, scheduling, and other important systems offline San Diego Union-Tribune This forced medical teams to resort to pen and paper.

Last year another Ransomware The attack hit Ardent Health Services, which operates 30 hospitals in six states, forcing it to postpone some elective procedures and divert patients from some emergency rooms. This year, another major attack It hit Ascension, one of the nation's largest nonprofit health systems. The Catholic Hospital Network has had to divert ambulances, suspend elective surgeries and reschedule appointments while it works to get systems back up and running again.

“It has become a recurring target,” said Joshua Corman, who led the strategy for the US Cybersecurity and Infrastructure Security Agency's COVID-19 Response Task Force.

Biden administration recently Announce It intends to require hospitals to meet minimum cybersecurity standards.

Meanwhile, other parts of the health care industry have been affected as well.

In February, hackers broke into a subsidiary of UnitedHealth Group Inc., delaying billions of dollars in payments to doctors and hospitals. The hackers were able to steal data on up to One in three Americans. The insurance giant said it paid hackers a ransom of more than $20 million to stop publishing patient data.

“When attacking life-saving infrastructure like hospitals and care centers, attackers know they will have the upper hand in any ransom negotiation,” said Adam Maree, chief information security officer at cybersecurity firm Arctic Wolf.