Russian cyber hacking gang Qilin behind ransomware attack that sparked major chaos at three London hospitals – as experts say they are ‘simply looking for money’

A Russian cyber hacking gang is behind the ransomware attack that caused chaos at 3 p.m London hospitals, the former CEO of the National Cyber ​​Security Center has said.

Ciaran Martin said the attack on pathology services company Synnovis has led to a “severe reduction in capacity” and “it is a very, very serious incident”.

Hospitals declared a critical incident after the attack, canceled surgeries and tests and were unable to provide blood transfusions.

Memos on NHS Staff at King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and Evelina London Children’s Hospital, and primary care services in the capital, said a “major IT incident” had occurred.

Asked further BBC When it was revealed on Radio 4’s Today program who attacked Synnovis, Mr Martin said: ‘Yes. We believe it is a Russian cybercriminal group calling itself Qilin.”

Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and Evelina London Children’s Hospital and primary care services in the capital, said a ‘major IT incident’ had occurred

Mr Martin said it was “unlikely” that the Russian hackers would have known they would cause such a serious disruption to primary healthcare when they set out to carry out the attack.

Ciaran Martin said the attack on pathology services company Synnovis has led to a ‘severe reduction in capacity’ and ‘it is a very, very serious incident’

‘These criminal groups – there are quite a few of them – operate freely from within RussiaThey give themselves high-profile names, they have websites on the so-called dark web, and this particular group has a history of about two years of attacking various organizations around the world.

‘They’ve attacked car companies, they’ve attacked the big issue here in Britain, they’ve attacked Australian courts. They’re just looking for money.’

He said it was “unlikely” that the Russian hackers would have known they would cause such a serious disruption to primary health care when they set out to carry out the attack.

He added: “There are two types of ransomware attacks. One of them is when they steal a bunch of data and try to force you to pay so that it doesn’t get released, but this case is different. It is the more serious form of ransomware where the system simply does not work.

‘So when you work in healthcare in this trust you just don’t get those results, so it’s actually seriously disruptive.

“This type of ransomware is impacting healthcare systems around the world.

“It’s particularly damaging in the United States, and where this type of cyber attack differs in impact from others is that it does impact people’s health care. So it really is one of the most serious we’ve seen in this country.”

One patient, Oliver Dowson, 70, was being prepared for surgery at the Royal Brompton Hospital from 6am on Monday, June 3, when he was told by a surgeon at around 12.30pm that the operation would not go ahead.

He said: ‘Staff on the ward did not seem to know what had happened, only that many patients were told to go home and wait for a new date.

“I’ve been given a date for next Tuesday and I’m keeping my fingers crossed for you. It is not the first time they have canceled, they also did so on May 28, but that was probably due to a staff shortage during the spring break week.’

Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and he was told local centers were not taking bookings for an ‘indefinite period’.

Mr Martin said: ‘They did [Qilin] Car companies have done it, they have attacked the big issue here in Britain, they have attacked Australian courts. They are just looking for money.”

Health Minister Victoria Atkins said on Tuesday her ‘absolute priority is patient safety’

He said the government has a policy of not paying, but the company would be free to pay the ransom if it wanted to.

On patient data, he said: “This isn’t really about the data, it’s about the services.

‘The criminals threaten to make data public, but they always do that. The priority here is to restore services.’

Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.

Some procedures and operations in hospitals have been canceled or referred to other NHS providers as hospital bosses determine what work can be carried out safely.

NHS officials said they are working with the National Cyber ​​Security Center to understand the impact of the attack.

Synnovis said the incident has been reported to law enforcement authorities and the Information Commissioner.

Health Minister Victoria Atkins said Tuesday that her “absolute priority is patient safety.”

Ms Atkins wrote about

“My absolute priority is patient safety and the safe resumption of services in the coming days.”

A spokesperson for the NHS England London region said Monday’s attack had “a significant impact” on services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trust and primary care in south-east London.

‘We are working urgently to fully understand the impact of the incident, with the support of the government’s National Cyber ​​Security Center and our cyber operations team.’

Synnovis CEO Mark Dollar said on Monday that a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and what action is needed.

“Unfortunately, this is impacting patients, with some activities already canceled or referred to other providers as urgent work is prioritized,” he said.