London Hospitals Crippled by Ransomware Attack

This time around it is an attack on a 3rd-party lab and/or service provider. London hospitals declare emergency following ransomware attack | Ars Technica

Does anyone remember the WannaCry Ransomware attacks in 2017 that brought NHS to a screeching halt? Yeah, they don't seem to remember it either.

A ransomware attack that crippled a London-based medical testing and diagnostics provider has led several major hospitals in the city to declare a critical incident emergency and cancel non-emergency surgeries and pathology appointments, it was widely reported Tuesday.

The attack was detected Monday against Synnovis, a supplier of blood tests, swabs, bowel tests, and other hospital services in six London boroughs. The company said it has "affected all Synnovis IT systems, resulting in interruptions to many of our pathology services."

There are virtually no details about the attack that I can find. No one is claiming responsibility publicly, and the authorities, while involved, aren't saying anything.

What is known, is that the impact is fairly substantial.

The outage has led hospitals, including Guy's and St Thomas' and King's College Hospital Trusts, to cancel operations and procedures involving blood transfusions. The cancellations include transplant surgeries, which require blood transfusions.

"I can confirm that our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers," Ian Abbs, CEO of the hospital network Guy’s and St Thomas’ NHS Foundation Trust, wrote in an email posted to social media. "This is having a major impact on the delivery of our services, with blood transfusions being particularly affected. Some activity has already been canceled or redirected to other providers at short notice as we prioritize the clinical work that we are able to safely carry out."

Click thru for more details, including the hospitals that specialize in heart operations are impacted.

Ransomware attacks against hospitals and other medical providers are on the rise. There are several reasons for that including medical groups stubbornness when it comes to security. "We're doctors! You can't tell us what to do!)

One such attack - more financial in nature than anything - against Change Healthcare, a subsidiary of UnitedHealth Group, was severe enough to threaten some providers ability to stay in business. (Employees have to be paid, tests are not free, etc.) US Senate finance chair slams Change Healthcare for ‘negligence’ in ransomware attack

In this case I agree with the .gov, which is very rare these days. Change Healtcare had a remote access system that was NOT protected by multifactor authentication. Not even the kind that uses your phone. I would say that for stuff like this, which has clearly been shown to be critical, something like security fobs should be required.

Cybersecurity experts faulted UHG for failure to deploy multifactor authentication MFA — a basic enterprise security access control — across Change Healthcare’s servers. UHG acquired Change Healthcare in October 2022.

Oh, but it's hard, or it's inconvenient, or something. How inconvenient is it to large portions of the health care industry out of business because of your screw up?

I don't expect health care, on either side of the Atlantic, to start doing things right any time soon. Doctors and Lawyers don't like people telling them what to do, even when they are demonstrably clueless about something, like cybersecurity. Also, security isn't free, and if they spend money on things like firewalls, and MFA, and intrusion detection, and backups, how are they going to pay for their condos in Florida, or the membership at the country club?