Medical students drafted to help London hospitals recover from cyber attack

A critical incident was declared on Tuesday 4th June after a private contractor was targeted with ransomware, with the impact expected to last for weeks.  

The attack was focused on pathology firm Synnovis, severely disrupting a number of vital services, including blood transfusions and test results. 

According to a report on BBC News, a leaked message sent to trainee medics at Guy’s and St Thomas’ NHS Trust asked medical students to step in and volunteer for 10 or 12 hours shifts. Those committing to work are being used as ‘floorwalkers’, hand delivering blood tests. 

‘In this critical situation, we urgently need volunteers to step forward and support our pathology services. The ripple effect of this extremely serious incident is felt across various hospital, community and mental health services in our region,’ the message read, going on to describe students input as ‘crucial’ and the situation an opportunity to ‘demonstrate your commitment to patient care.

A spokesperson for NHS London confirmed staff were ‘working around the clock’ to minimise impact. Surgery, including transplants, at Royal Brompton and Harefield hospitals, Evelina London Children’s hospitals, and primary care services have all been effected. Patient appointments have been cancelled as a result, while concerns have been raised about the idea of making clinical decision without support from pathology.  The situation is expected to continue for several weeks.

Qilin, a ransomware criminal gang, is believed to be responsible. While their location is officially unknown, many suspect the organisation is based in Russia, raising serious doubts that, if they were ever traced by UK authorities, extradition to Britain for criminal proceedings would be possible. 

Active since October 2022, Qilin is thought to be behind a number of other major cyber security incidents, including attacks on French company Robert Bernard and Dialog, an Australian IT consultancy. The group operates a ‘ransomware as service’ model, meaning it allows independent hackers to use its tools in exchange for 15-20% of the profits. 

‘Pathology services are integral to a wide range of treatments and we know that a number of operations and appointments have been cancelled due to this attack,’ said a spokesperson for NHS London. ‘We are still working with hospitals and local GP services to fully assess the disruption, and ensure the data is accurate. In the meantime our advice to patients remains, if you have not been contacted please do continue to attend your appointments.’

This is the latest in a string of high profile ransomware attacks that have impacted UK public sector organisations. In May, criminals targeted the Scottish National Records, this followed a similar incident involving NHS Dumfries & Galloway. Previous attacks have taken place against the British Library, Leicester City Council and the Electoral Commission. 

Image: Artur Tumasjan