The former head of British cybersecurity said today that Russian hackers are believed to be behind a major ransomware attack that disrupted work at London hospitals and led to the cancellation of operations.

The incident, labeled “critical,” affected seven hospitals run by the National Health Service Trust after Synnovis, a provider of lab services, was hit with the ransomware attack. It’s believed the hackers inserted software into the company’s information technology system, making it unusable. The hackers asked for a payment before they would restore access to the system.

At some hospitals, procedures had to be canceled or were redirected to other NHS providers as the hospitals attempted to understand what kind of work could still be carried out safely. A 70-year-old patient whose operation was canceled told the BBC that “many patients were being told to go home and wait for a new date.” Emergency care wasn’t interrupted, although in another case, a baby’s kidney transplant was canceled.

“This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services,” Synnovis said in a statement. “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

Ciaran Martin, former chief executive of the National Cyber Security Centre, called it a “very, very serious incident.” He said the group responsible for the hack was Russian, stating they had a “two-year history of attacking organizations across the world.” They are known as Qilin.

Martin said it’s just one of many Russian hacking groups, although not related to the Russian state. In the past, it has attacked automotive companies, the Australian court system and the Big Issue, a publication in the U.K. that supports the homeless.

There are 1.7 million ransomware attacks every day of the year, with 236.7 million attacks worldwide reported in the first half of 2022. Ransomware is expected to cost its victims around the globe a total of $265 billion a year by 2031. As humanity has become more reliant on digital technology, attacks have been on the rise. It’s believed that the average cost for one attack is about $1.85 million in 2024.

Not paying up can have devastating consequences. Synnovis said it will take a matter of “weeks” to fix the issues, and by that time, the group will likely have published a lot of sensitive data. Synnovis’s Italian subsidiary was recently hit by a different ransomware group, “Black Basta.” No ransom was paid, but the group stole 1.5 terabytes of highly sensitive data, which it published online.

Black Basta has hit U.S. healthcare in the recent past, part of an operation that affected 500 organizations around the world. From just 90 of those attacks, it’s thought, the group received $100 million.

Photo: Aman Chaturvedi/Unsplash