What We Can Learn From the NHS Cyber Attack

This week, the NHS have fallen victim to a major cyber attack. Starting on Monday 3 June, the attack has targeted London NHS hospitals and caused many procedures and appointments to be cancelled or changed. The hospitals have declared this a ‘critical incident.’  

7 NHS hospitals run by 2 NHS trusts have suffered serious disruptions to services as a result of a ransomware attack. The hospitals affected include those of Guy’s and St Thomas’ NHS trust and also included King’s College hospital, the Evelina children’s hospital, Royal Brompton and Harefield specialist heart and lung hospitals and also the Princess Royal hospital in Orpington, Kent.

Blood transfusion appointments are the worst effected and it’s reported that at least one of the hospitals had to postpone or ask other hospitals to perform scheduled childbirths.

As well as severe disruption to services, ransomware attacks also jeopardise sensitive public data which is at threat of being published if a payment is not received.  

This is the third cyber security breach fail in the last year to hit part of the Synlab group – Synnovis’s parent company. In June 2023, ransomware gang Clop hacked and stole data from the French branch of the company just days after it hit the headlines for bringing down a payroll provider for companies including British Airways, Boots and the BBC. Clop published the stolen data later that summer, which resulted in personal payroll data being shared publicly.  

At the time of writing this blog, the issue is still ongoing, an emergency taskforce has been created to resolve this issue which is expected to take ‘a few weeks’ to fully resume services.  

How did they get in?

The attack is said to have been targeting a private company called Synnovis which is a partnership between the Guy’s and St Thomas’ and King’s College trusts and private firm Synlab to analyse blood tests.  

The hackers entered NHS systems by inserting a piece of software into Synnovis’s IT system. This system locks up the computer systems until a payment is received to restore access and ransomware removal.

What is a Ransomware attack?

The National Cyber Security Centre defines a ransomware attack as a type of malicious malware that prevents you from accessing your device and the data stored on it. It usually encrypts files, and a criminal group will then demand a ransom in exchange for decryption and ransomware removal.

Ransomware is a threat to all organisations, big or small. Its ability to paralyse entire networks can have significant consequences both financial and reputational.  

Removing ransomware can be a complex and challenging task but following specific steps can help mitigate the damage and potentially recover compromised data.

Could this have been avoided?

This incident could have been avoided through a combination of proactive measures: regular and comprehensive employee training on cyber hygiene, stringent access controls, timely software updates, and an investment in advanced threat detection systems.  

By fostering a culture of cyber security awareness and implementing best practices, the NHS and similar organisations can better protect themselves against future threats, ensuring the security and privacy of patient data remain uncompromised. Ultimately, prioritising cyber security is not just a technical necessity but a fundamental aspect of maintaining public trust in healthcare systems.

The main role of a cyber security services company is to protect and prevent situations like this. Simon Jefferies, Director of Technology at Sharp UK commented

"Sadly, we hear of these large scale cyber events far too often and this incident highlights the critical need for robust cyber security measures and continuous vigilance. It’s a stark reminder that organisations must adopt good levels of security controls, employee cyber awareness training, and incident response strategies to help detect, prevent and respond to cyber incidents"

In conclusion, the NHS cyber security breach serves as a bleak reminder of the critical importance of robust cyber defences and solid cyber security services to protect and safeguard sensitive information. It also highlights just how effective cyber security services company can be for all organisations, big or small.  

Here at Sharp, we provide a range of cyber security services, providing protection against the latest cyber security threats including user awareness training, incident response, and data recovery – helping you protect your systems and sensitive data and limiting business downtime. 

Find out more about Sharp's cyber security services.