NHS Cyberattack in UK Inflicted LongTerm Harm on Patient Health

pA cyberattack that paralyzed hospitals and clinics in London last year resulted in harm to dozens of patients leading to longterm or permanent damage to their health in at least two cases according to data obtained by Bloomberg NewsppIn June 2024 a Russian hacking gang targeted Synnovis a contractor that provides blood testing transfusion and other pathology services to the UKs National Health Service or NHS The incident plunged healthcare providers predominantly in the southeast of the city into crisisppThe breach crippled Synnovis ability to function and led to months of disruption at scores of hospitals and doctors surgeries Medical facilities postponed more than 10000 appointments and canceled more than 1700 elective procedures as a result of the incident according to the NHSppUK Hospital Hackers Say Theyve Demanded 50 Million in RansomppHealthcare professionals across at least four boroughs of London recorded two cases of major harm 11 cases of moderate harm and more than 120 cases of minor harm as a direct consequence of the cyberattack according to NHS data obtained by Bloomberg News Details about the specific damage to individuals health was not available due to patient confidentialityppMajor harm amounted to longterm or permanent impact on physical mental or social function or shortening of lifeexpectancy according to an NHS document reviewed by Bloomberg News Moderate harm was classified as having mediumterm impact on physical mental or social functioning Minor harm would result in a mild shortterm impact on healthppThese numbers are substantial and they show that a cyberattack can be catastrophic and lifechanging for people said Saif Abed a former NHS doctor and expert in cybersecurity and public healthppThe number of affected patients may be higher Abed added as its difficult to identify links between a cyber incident and specific harms which can arise months or years later due to a delay in treatment In some cases dialysis patients had their treatments disrupted and bloodtesting services dropped to 10 immediately after the attack Bloomberg News previously reportedppRansomware attacks have surged by some 300 in the last decade and health care is one of the most affected industries according to Microsoft Corp findingsppThe NHS has been a victim before In 2017 a strain of ransomware known as WannaCry disrupted hospitals and clinics across the UK for days leading to the cancellation of an estimated 19000 appointments A group of London hospitals affected in the 2024 intrusion had known for years about digital flaws that left them vulnerable to an attack Bloomberg previously reportedppIn the US a report last year from the Office of the Director of National Intelligence warned that attacks on American health organizations had delayed medical procedures and disrupted patient care because of multiweek outagesppIts rare for healthcare organizations to publish data on harms caused to patients as a result of the incidents In a devastating attack on Irelands hospitals in 2021 for instance Irish health executives said they didnt have numbers on specific harms inflicted though scores of patients had treatments for cancer and other serious conditions postponedppA portion of the data on the Synnovis attack was provided to Bloomberg News under the Freedom of Information Act by the South East London Integrated Care System an NHS organization that represents publicly funded health and care providers The figures included primary care services such as surgeries in Greenwich Lambeth Lewisham and Southwark Additional data was provided to Bloomberg News by two hospital groups that were affected by the hack the Guys and St Thomas NHS Foundation Trust and the Kings College Hospital NHS Foundation TrustppA spokesperson for NHS South East London said that the Synnovis attack had been very disruptive as testing capacity had been significantly reduced as a result of itppHowever the NHS has extensive procedures in place for and extensive experience of dealing with incidents and these were implemented said the spokesperson This included requesting and receiving crucial mutual aid and support from a wide range of partnersppA Russian criminal gang named Qilin took responsibility for the ransomware attack and said that it had demanded 50 million from Synnovis to unlock the computers it had shut down The group later dumped online a trove of sensitive medical records stolen from Synnovis computers including documents sent by doctors requesting biopsies and blood tests for people in all regions of the UK and some hospitals in IrelandppA spokesperson for Synnovis said in an emailed statement that almost all services are operational again but added that work remained ongoing to fix backoffice computers that were not critical to healthcare operationsppWe are very aware that this has been an extremely challenging and sometimes distressing period for patients service users and frontline NHS colleagues the spokesperson said Their patience and understanding over these past months is truly appreciated and we are incredibly sorry for the inconvenience and upset caused by this criminal attackpp
Topics
Cyber
ppWas this article valuableppThank you Please tell us what we can do to improve this articleppThank you of people found this article valuable Please tell us what you liked about itppHere are more articles you may enjoyppGet automatic alerts for this topicp