A group of Russian cybercriminals is behind the ransomware attack that halted operations and testing at London’s major NHS hospitals, the former chief executive of the National Cyber Security Center has said.
Ciaran Martin said the attack on pathology services company Synnovis had led to a “serious reduction in capacity” and was a “very, very serious incident”.
Hospitals declared a critical incident after the attack and canceled operations and tests and were unable to perform blood transfusions.
Memos to NHS staff at King’s College, Guy’s and St Thomas’ hospitals (including the Royal Brompton and Evelina London children’s hospital) and primary care services in the capital said a “major IT incident” had occurred.
Asked on BBC Radio 4’s Today program on Wednesday if it was known who attacked Synnovis, Martin said: “Yes. We believe this is a Russian group of cybercriminals calling themselves Qilin.
“These criminal groups (there are quite a few) operate freely from Russia, they give themselves high-profile names, they have websites on the so-called dark web, and this particular group has about a two-year history of attacking various organizations around the world. .
“They have attacked the car companies, they have attacked the Big Issue here in the UK, they have attacked the Australian courts. “They’re just looking for money.”
He said it was unlikely that the Russian hackers would have known they would cause such a serious disruption to primary health care when they set out to carry out the attack.
He added: “There are two types of ransomware attacks. One is when they steal a large amount of data and try to extort you to pay so that it is not published, but this case is different. It is the most serious type of ransomware in which the system simply does not work.
“So if you work in healthcare in this trust you just don’t get those results, so it’s seriously disturbing actually.”
He said the government had a policy of not paying, but that the company would be free to pay the ransom if it wished.
“Criminals threaten to publish data, but they always do it. “The priority here is the restoration of services.”
The National Cyber Security Center is investigating the impact of the cyber attack alongside NHS officials.
Synnovis said the incident was reported to the police and the information commissioner.
Health Secretary Victoria Atkins wrote on .
“My absolute priority is patient safety and the safe resumption of services in the coming days.”
Synnovis chief executive Mark Dollar said a working group of IT experts from Synnovis and the NHS were working to fully assess the impact and necessary actions.
According to the Health Service Journal, a senior source said gaining access to pathology results could take “weeks, not days.”
