LONDON (AP) — A Russian cybercrime group is believed to be behind a ransomware attack that has roiled London hospitals and led to the cancellation of surgeries and appointments, Britain’s former cybersecurity chief said Wednesday.
Ciaran Martin, former chief executive of the National Cyber Security Centre, said a group known as “Qilin” was probably behind the attack on Synovis, which provides pathology testing services to several National Health Service hospitals.
Martin said this was one of the most severe ransomware attacks in the UK because it brought operations to a halt.
“This is a more serious type of ransomware that cripples your systems,” Martin told BBC Radio 4. “If you work in healthcare at this trust, you’re not going to get that outcome and it will cause real, serious disruption.”
Monday’s incident affected King’s College Hospital and Guy’s and St Thomas’ Hospital Trust, which run several hospitals in south London as well as clinics and doctors’ practices across a wide area of the city, the NHS said.
A memo to staff called the incident a “significant incident” that had a “significant impact” on services, particularly blood transfusions. Procedures and operations were cancelled or redirected elsewhere.
The incident was reported to police.
Synobius Chief Executive Officer Mark Dollar said Tuesday the company was still learning what happened. The company had no further comment Wednesday.
Ransomware is when criminals use malware to paralyze computer systems and then demand payment to release them. It is the most costly and destructive form of cybercrime, affecting local governments, courts, hospitals, schools and businesses. It is difficult to tackle as most gangs are based in former Soviet republics, beyond the reach of Western justice.
Britain’s public healthcare system has been under attack before, including a 2017 ransomware attack that froze computers in hospitals across the country, closing wards and emergency rooms and halting treatment.
Qilin, also known as Agenda, advertises on dark web cybercrime forums and lends malware to associated companies for use in attacks in exchange for a percentage of the ransom, according to Louise Ferret of threat intelligence firm Searchlight Cyber. The group lists more than 100 victims.
