A recent cyber attack attributed to the Qilin ransomware group has been officially linked to a patient’s death, highlighting serious vulnerabilities in hospital cybersecurity. The incident specifically crippled pathology services at several major NHS hospitals in London, severely disrupting critical diagnostic services and leading to significant delays in blood test results, which are vital for patient care.
King’s College Hospital NHS Foundation Trust has confirmed that the cyber incident coincided with the unexpected death of a patient. A representative for the trust stated that an extensive review of the patient’s care revealed a number of contributing factors, including delayed blood test results caused by the disruption to pathology services during the cyber attack.
The results of the safety investigation have been communicated to the affected family. Mark Dollar, CEO of Synnovis, expressed his condolences, saying, “Our hearts go out to the family involved.”
Widespread Chaos and Data Theft
On June 4, 2024, Hackread.com reported on the chaos that unfolded across London’s healthcare system following this cyber attack, which occurred on June 3, 2024. Synnovis, a key player in diagnostics and digital pathology in southeast London, was the target, resulting in a paralysis of blood testing across multiple NHS trusts, including King’s College and Guy’s and St Thomas’ hospitals.
The ramifications were extensive, disrupting over 10,000 outpatient appointments and forcing the postponement of 1,710 surgeries at King’s College and Guy’s and St Thomas’ NHS Foundation Trusts. In addition, an estimated 1,100 cancer treatments were delayed. The disruption also complicated blood transfusions and blood matching, forcing hospitals to rely on universal O-type blood and contributing to a national shortage of this critical resource.
The cyber attack triggered nearly 600 patient safety incidents, with two cases classified as severe, indicating life-threatening delays or permanent damage. Synnovis further reported that approximately 20,000 blood samples from 13,500 patients were compromised and lost because they could not be tested as a result of the attack.
The Qilin ransomware group, believed to be Russian, stands accused of the attack. They reportedly leaked around 400GB of stolen sensitive data, including patient names and details pertaining to blood tests and financial arrangements between the hospitals and Synnovis. This data was disseminated over their darknet site and Telegram channel.
A Precedent for Fatal Cyberattacks
This incident underscores a troubling trend in healthcare cyber attacks, reminiscent of a case in Germany where a ransomware attack on University Hospital Düsseldorf resulted in a patient’s death after her urgent care was diverted to a distant facility due to system failures. The Düsseldorf case emphasized the critical need for robust cybersecurity measures, especially in the healthcare sector, where real-time data is crucial for patient survival.
The vulnerabilities exploited in these attacks have spotlighted the urgency of implementing timely security updates. In the German case, the exploited vulnerability had a patch available a month before the attack, underscoring that effective cybersecurity practices are paramount in safeguarding patient lives. Understanding tactics from the MITRE ATT&CK Matrix, including initial access and privilege escalation, can aid healthcare facilities in fortifying their defenses against future cyber threats.