London hospital vulnerabilities were known years before cyberattack

NHS
Image credit: Shutterstock (Image credit: Shutterstock)

Five London hospitals had to cancel operations and divert incoming ambulances as a result of a cyberattack against the Guy’s and St Thomas’ NHS Foundation Trust in June 2024

Since then, several hundred operations have been postponed or rescheduled, and the NHS has called for O negative blood donors to donate in a nation-wide push.

It has now emerged the hospitals affected knew about the vulnerabilities abused by the hackers for several years, documents reviewed by Bloomberg News have found.

 Vulnerabilities known for years

According to the documents, which include publicly available information on board of director’s meetings, the Guy’s and St Thomas NHS Foundation Trust frequently failed to meet data security standards, with the board of directors questioning the risks posed to hospital IT systems and their third-party supply chain as recently as January 2024.

In the attack that took place at the beginning of June, the attackers struck Synnovis, the trust’s pathology services provider, forcing hospitals to rely on handwritten records and postpone a range of medical procedures.

In minutes taken from meetings, the board of directors pursued a number of IT modernization programs to increase the trusts’ cybersecurity capabilities, with a meetings in January this year commending that IT infrastructure across the trust was “configured to a good standard,” but concerns were continually raised about third party interfaces, including Synnovis.

The attack has been attributed to a Russian ransomware group identified as Qilin, who have emerged as a cross-sector ransomware threat since 2022. Hospitals are increasingly becoming a favorite target for ransowmare gangs thanks to their sensitive medical data and wide ranging third-party equipment providers, which provide a large attack surface.

Speaking on the attack, Mark Dollar, CEO of Synnovis said, “We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
An illustration of a silhouetted thief in motion running while carrying a stolen fingerprint
The 5 worst cyberattacks of 2024
Code Skull
Blood donation giant warns of issues following ransomware attack
An abstract image of padlocks overlaying a digital background.
US healthcare giant Ascension says ransomware attack affected nearly six million customers
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Latest in Pro
Cyber-security
Dealing with the issue of CISO stress
HP OfficeJet Pro 9012e main image
I tested the HP OfficeJet Pro 9012e - read why this is a cracking home printer
HP LaserJet Pro MFP 4302fdw main image
I tried the HP LaserJet Pro MFP 4302fdw - read why it disappoints
Epson EcoTank ET-2830 main image
I tried out the Epson EcoTank ET-2830 - see how this cheap inkjet holds up
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Canon Pixma TS8750 main image
I tested the Canon Pixma TS8750 - see how this home printer compares
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments