Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

HIV tests dropped and a return to paper working: Inside the hospitals held to ransom by Russian hackers

An attack attributed to the Russian cyber-crime group Qilin has caused chaos at two London NHS trusts

Rebecca Thomas
Health Correspondent
Wednesday 05 June 2024 16:30 EDT
Comments
A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, an expert has said
A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, an expert has said (PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A cyberattack on NHS hospitals could take months to resolve, with HIV tests and cervical cancer screening dropped and staff working on paper, The Independent has been told by insiders.

On Monday, major London hospitals were targeted by a ransomware attack by Russian hackers, which took out IT systems responsible for reporting patient tests.

Commercial supplier Synnovis provides systems used by labs, King’s College and Guy’s and St Thomas’ NHS trusts, and GP services across six London boroughs – Bromley, Southwark, Lambeth, Bexley, Greenwich and Lewisham.

The NHS has not given full details of contingency plans being activated, but senior hospital sources describe the situation as a “disaster”, with staff having to record patient test results on paper and call through emergency results manually.

The trusts have been forced to cancel or divert non-urgent operations and procedures, and GPs were told on Monday to cancel all non-emergency blood tests.

Several senior NHS sources have now warned that it could take months to fully recover from the attack.

One trust executive said: “We are telling staff that it will be weeks and possibly months.

“All working on workarounds at the moment but issues of patient safety. [We are] having to look at priority areas for processing tests for particular conditions and patients. Everything is paper-based, which means more risk, of course.”

Another senior clinician said it could take months to recover, but weeks to solve “priority” services. They said capacity for routine HIV testing and routine HIV testing in emergency departments has been lost.

GP services in Bromley sent a message to patients on Wednesday, saying: “The attack is affecting all pathology services, including phlebotomy and cervical screening.

“Synnovis has asked for patients to delay having non-urgent blood [tests] taken until further notice and asked phlebotomy providers to cancel non-urgent appointments. This means BGPA will be cancelling all non-urgent phlebotomy appointments until further notice, as there is no capability to process samples and return them at this time.”

On Wednesday, a spokesperson for NHS England London said: “Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning patients have had phlebotomy appointments cancelled.”

On Wednesday morning, former National Cyber Security Centre chief Ciaran Martin told BBC Radio 4’s Today programme the attack came from a Russian cybercrime group called Qilin.

The attack has been described as a “ransomware” incident, meaning criminals are demanding money to unblock the system.

Professor John Clark, professor of computer and information security at the University of Sheffield, said: “However, the exact nature by which the Synnovis system was initially penetrated is unclear. It is critical to understand this because otherwise, after the system has been ‘cleaned’, the attackers could simply re-penetrate – though such efforts would be subject to highly intense monitoring.

“Patient safety is of paramount concern and the accuracy of results is essential, so it is important to stress that unless it is known what has happened to the system, the accuracy of any stored data cannot be ensured. Determining whether stored data has been manipulated may simply not be possible and tests may have to be rerun and results re-recorded.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in