A patient lying in bed talking with two doctors.

NHS Blood Test Delays: Synnovis Cyberattack by Qilin Gang

The NHS has been hacked, and its data has been uploaded to the dark web, forcing authorities to issue a public warning. Qilin, a Russian cyber gang, released around 400GB of sensitive information on Thursday night that was taken during a hack on a company that tests blood for the NHS.

On June 3, Synnovis, a pathology lab serving several NHS organisations in Southeast London, suffered a cyberattack. Qilin disrupted 3,000 hospital and GP appointments and operation.

The BBC assessed data that patient names, dates of birth, NHS numbers, and blood test descriptions were compromised. It is unclear whether the test results are part of the data. The responsible group, Qilin, threatened to release the data without payment.

Additionally, company spreadsheets documenting financial relationships between hospitals, GP services, and Synnovis were made public. Although NHS England acknowledged the disclosure, it was unable to confirm that the given data was exact.

NHS Patient Data Leak on the Qilin Darknet Site
NHS Patient Data Leak on the Qilin Darknet Site

According to The Guardian, several patients who refused a blood test on the NHS would have to wait up to six months to have their sample collected because of this cyberattack.

Some patients have chosen to pay for their blood tests and analysis at private facilities rather than wait on the NHS waiting list because of the enormous delays.

NHS Blood Test Delays Months Due to Cyberattack

Synnovis notified GP and primary care providers by email that it can only handle 400 blood samples per day from the impacted trusts. The email further said that Synnovis is unable to track unprocessed tests or react to individual sample status questions.

The email stated:

For the time being we can only accept samples which the requesting clinician considers to be ‘clinically critical. As experts, your clinical view of what is considered ‘critical’ will be accepted by the laboratory, but we urge you to apply this definition carefully, given the severe capacity limitations we are facing. If you have a patient you consider to be critical, but you haven’t received a test result for them, please repeat their blood test and send it to us marked ‘critical’ so that we can process it.

Only blood tests that a medical committee finds “urgent” are being conducted in the coming days due to limited resources. The incident caused the health care trusts at King’s College Hospital (KCH) and Guy’s and St Thomas (GSTT) to cancel 2,194 outpatient appointments and 1,134 planned procedures in the first 13 days. The NHS referred to this as a “significant disruption.”

The cancellations included 184 cancer operations and 64 organ transplants. Qilin’s attack on Synnovis, a provider of pathology services such as blood testing and transfusions, has drastically restricted hospitals’ and general practitioners’ ability to do blood tests, reducing them to around 30% of their regular capacity.

UK Considers NCA Response to Qilin Ransomware Attack on NHS

Following the release of some of the hacked data online, the UK government contemplated taking legal action against Qilin through the National Crime Agency (NCA). According to reports, Qilin demanded a ransom of $50 million (£40 million).

In February, the NCA dispatched a specialized squad to combat LockBit, another Russian hacking group. Groups such as Qilin and LockBit often breach the IT systems of companies and restrict access until a ransom is paid.

NHS England’s London region is responsible for responding to the attack, but it has made no statement on patients suffering six-month wait times for blood test rescheduling.

However, in a statement released on Friday, it acknowledged that the attack would cause significant issues for Synnovis and the NHS for months. Synnovis hopes to restore some IT resources in the following weeks.

The cyberattack effectively shut Synnovis out of its own IT system. Technical restoration will take time, creating delays in rescheduling tests and appointments. The aftermath of the cyberattack will last for months.

Phishing Tackle offers a free 14-day trial to help train your users on how to avoid different types of cyberattacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks. 

Recent posts