Russia-linked Qilin group says it was responsible for London hospitals cyberattack

An image of a doctor showing a patient a medical record
(Image credit: Pixabay)

The London NHS trust cyberattack that forced hospitals to cancel operations, divert ambulances, and launch a nation-wide call for blood donations has claimed by a Russian hacking group known as Qilin.

The group is demanding $50 million from Synnovis, the target of the attack, upon which the Guy’s and St Thomas’ NHS Foundation Trust relies on for pathology services.

A representative for the ransomware group said that stolen data will be posted soon to authenticate both the attack and their ransom demand.

Vulnerabilities known for years

Following the attack, publicly available documents from the Trust’s board of director’s meetings show that questions were frequently raised about the risks posed to the hospitals by the Synnovis pathology services company.

Around 800 operations were canceled alongside roughly 700 outpatient appointments following the attack. A Synnovis spokesperson said, "The investigation into the attack continues, including any possible impact to data."

Speaking through a Qilin messaging account (via Bloomberg), a representative said that they had abused a zero day exploit to attack Synnovis systems, and also argued that the group is not responsible for any harm done and that their attack was an act of retaliation against the UK government's support for unnamed wars.

Mark Dollar, CEO of Synnovis, said in a statement in the aftermath of the attack that "We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect."

"The incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Centre and the Cyber Operations Team," Dollar continued.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.