web analytics

Qilin RaaS Group Believed to Be Behind Synnovis, NHS Attack – Source: www.databreachtoday.com

qilin-raas-group-believed-to-be-behind-synnovis,-nhs-attack-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Fraud Management & Cybercrime
,
Healthcare
,
Industry Specific

Patient Care, Including Transplants, Still Disrupted at London Hospitals, Clinics

Marianne Kolbasuk McGee (HealthInfoSec) •
June 7, 2024    

Qilin RaaS Group Believed to Be Behind Synnovis, NHS Attack
Image: Synnovis

A ransomware attack on a pathology services vendor earlier in the week continues to disrupt patient care, including transplants, blood testing and other services, at multiple NHS hospitals and primary care facilities in London as the firm tries to recover.

See Also: Webinar | Don’t Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

Russian-speaking cybercriminal gang Qilin is believed to be behind the attack, which is “one of the more serious” such incidents ever seen in England, said Ciaran Martin, former chief executive of the U.K. National Cyber Security Center, during a BBC interview on Wednesday. Martin told the BBC that the criminal group was “looking for money” by targeting Synnovis but that the British government has a policy against paying ransoms.

Synnovis is a partnership between two London-based hospital trusts and SYNLAB. The company said the attack has affected all Synnovis IT systems, resulting in interruptions to many of its pathology services.

“The health sector has proven to be a profitable target, which means attacks like this – on both providers and their supply chains – will continue to happen until we find ways to either boost security in the sector and/or take away the financial incentives to attack it,” said Brett Callow, threat analyst at security firm Emsisoft.

In an update posted Thursday about the incident, the NHS said its organizations across London continue to work in partnership to manage patient care following the Monday ransomware cyberattack on Synnovis (see: UK Vendor’s Attack Disrupts Care at London NHS Hospitals).

Affected NHS entities in London include Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, which “remain in a critical incident” mode, the NHS said. Oxleas NHS Foundation Trust, South London and Maudsley NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in South East London also continue to be affected.

“Pathology services at the impacted sites are available – albeit at a reduced capacity – with the most urgent cases being prioritized,” the NHS said.

“Unfortunately, some non-urgent operations and procedures including transplants continue to be postponed, while nearly all non-urgent blood tests have been postponed in primary care services in South East London.”

Healthcare staff are working to reschedule appointments and treatments as quickly as possible, the statement says.

Urgent and emergency services are available as usual so patients should access services “in the normal way by dialing 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone,” the NHS said.

Ransomware-as-a-service gang Qilin’s targets are primarily critical infrastructure sectors, and affiliate attackers keep between 80% and 85% of extortion payments, said researchers at cyber threat intelligence firm Group-IB, which infiltrated the group last year (see: Breach Roundup: Philadelphia Inquirer).

Synnovis in a notice posted on its website Thursday warned clinicians that all southeast London phlebotomy appointments are on hold.

“Please do not run any phlebotomy clinics at your practice. This action will ensure the laboratory capacity we have is reserved for processing urgent requests,” the notice says. “We are continually monitoring our laboratories’ capacity and will reinstate routine phlebotomy bookings as soon as possible.” Several phlebotomy sites specifically run by Synnovis in Southwark and Lambeth will be closed from June 10 “until further notice,” the company said.

“We are working closely with NHS Trust partners to minimize the effect of the cyberattack,” Synnovis said. “We are incredibly sorry for the inconvenience and upset caused to anyone affected.”

Synnovis declined Information Security Media Group’s request for additional details about the incident, including the speculation about Qilin’s involvement.

The NHS did not immediately respond to ISMG’s request for comment, including clarification about the type of transplants that are on hold at the affected facilities.

Other NHS Vendor Attacks

The Synnovis attack is not the first vendor incident to disrupt NHS patient services in recent years. A cyberattack last July against Ortivus, a Swedish software and services vendor, severed access to digital health records for at least two NHS ambulance services in the U.K., forcing paramedics to resort to using pen and paper to manage patient information (see: Software Vendor Attack Slows Down 2 UK Ambulance Services).

An attack in the summer of 2022 on software vendor Advanced, which contracts with the British government to provide digital services for the NHS 111, resulted in an outage lasting at least several days (see: Cyberattack on NHS Vendor Already Offering Critical Lessons).

Original Post url: https://www.databreachtoday.com/qilin-raas-group-believed-to-be-behind-synnovis-nhs-attack-a-25456

Category & Tags: –

Views: 5

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

NSA
NSA Network Infrastructure Security Guide
NSA Network Infrastructure Security Guide
NIST
NIST Policy Template Guide
NIST Policy Template Guide
Hacker Combat
How are Passwords Cracked ? by Hacker Combat.
How are Passwords Cracked ?...
N/A
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Security Metrics & KPIs for...
Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT...
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security...
Huntress
2024 Cyber Threat Report
2024 Cyber Threat Report
NACD - Intenet Security Alliance
2023 Director’s Handbook on Cyber-risk Oversight
2023 Director’s Handbook on Cyber-risk...
Devoteam
14 Cybersecurity Trends for 2024
14 Cybersecurity Trends for 2024
IGNITE Technologies
MEMORY FORENSICS VOLATILITY
MEMORY FORENSICS VOLATILITY
CAREER UP
7 Steps to your SOC Analyst Career
7 Steps to your SOC...
National Cyber Security Centrum
Managing Insider Threats
Managing Insider Threats

More Latest Published Posts

EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation
Accenture
THE NEXT-GENERATION Building a Digital Central Bankfor a Digital Age
THE NEXT-GENERATION Building a Digital Central Bankfor a Digital Age
Thecyphere
Microsoft EntraID (Azure)ConditionalAccess
Microsoft EntraID (Azure)ConditionalAccess
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
Government of South Australian
South Australian Cyber Security Framework
South Australian Cyber Security Framework
NAO -National Audit Office
Audit and Risk Assurance Committee Effectiveness Tool
Audit and Risk Assurance Committee Effectiveness Tool
WWW. D E V S E COP S G U I D E S . CO M
Attacking Docker
Attacking Docker
W W W . D E V S E C O P S G U I D E S . C O M
Attacking AWS – Offensive Security Aproach
Attacking AWS – Offensive Security Aproach
ENISA
Artificial Intelligence and Cybersecurity Research 2023
Artificial Intelligence and Cybersecurity Research 2023
MuleSoft
API Security Best Practices – Protect your APIs with Anypoint Platform
API Security Best Practices – Protect your APIs with Anypoint Platform
Green Circle
All about Security Operations Center
All about Security Operations Center
DAZZ
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
zimperium
2023 Mobile Banking Heists Report
2023 Mobile Banking Heists Report
40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet