web analytics

UK Vendor’s Attack Disrupts Care at London NHS Hospitals – Source: www.databreachtoday.com

uk-vendor’s-attack-disrupts-care-at-london-nhs-hospitals-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Fraud Management & Cybercrime
,
Healthcare
,
Industry Specific

London Incident Is Latest Major Ongoing Outage From Recent Ransomware Attacks

Marianne Kolbasuk McGee (HealthInfoSec) •
June 4, 2024    

UK Vendor's Attack Disrupts Care at London NHS Hospitals
King’s College Hospital in London is one of several NHS healthcare facilities affected by a Monday cyberattack on pathology services vendor Synnovis. (Image: NHS)

A ransomware attack on Synnovis, a U.K.-based provider of medical laboratory services, is significantly disrupting patient care and testing services at several NHS hospitals and other healthcare facilities in London.

See Also: Webinar | Don’t Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

The U.K. incident is one of at least two major disruptions hitting the healthcare sector. In the U.S., hospital chain Ascension said it is making regional progress in restoring electronic health records and other critical IT systems taken offline by a May 8 attack. Still, EHRs won’t be back online at Ascension hospitals across all regions until mid-June.

The cyberattack hit U.K.-based Synnovis on Monday, and the incident is taking a toll on patient services at several London hospitals and other care sites, a spokesperson for the NHS England London region told Information Security Media Group in a statement on Tuesday.

“This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in southeast London,” the spokesperson said. “We apologize for the inconvenience this is causing to patients and their families.”

“We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Center and our cyber operations team.”

NHS providers have tried-and-tested business continuity plans for instances such as this, which include offering mutual aid, the NHS said.

Some patient care activities have already been canceled or redirected to other providers as urgent work is prioritized, the spokesperson said.

“Emergency care continues to be available, and patients should attend appointments unless otherwise informed,” the spokesperson said. “We will continue to provide updates for local patients and the public about the impact on services and how they can continue to get the care they need.”

Synnovis in a statement provided to ISMG described itself as a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics. Synnovis provides services to the NHS, clinical users and other service users.

The incident has affected all Synnovis IT systems, resulting in interruptions to many of its pathology services, Synnovis said. “The immediate impact is on patients using NHS services within the two partner hospitals, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs,” the vendor said.

“It is still early days, and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimize the impact on patients and other service users.”

Ascension Update

In the U.S., Ascension, which was hit on May 8 with a cyberattack that disrupted clinical IT systems at many of its 140 hospitals and other care facilities in 19 states, said in an updated statement Tuesday that it is making progress in restoring many IT services in several regions, and full EHR restoration is expected in about 10 days.

EHR access has been restored in its facilities in Florida, Alabama, and Austin, Texas, Ascension said.

“Based on what we have learned about this process to date, we are working toward completing EHR restoration across our entire ministry by the end of the week ending June 14,” Ascension said.

“As EHR is restored across the entirety of our networks, clinicians will be able to access patient records as they did prior to this incident,” Ascension said.

“While these are promising developments in our recovery efforts, our investigation into this incident remains ongoing, along with the remediation of additional systems. This is a complex process, and it will still take time to complete.”

Ascension Rx retail, home delivery and specialty pharmacy sites are now open and able to fill prescriptions, the organization said. “This means that healthcare providers are able to transmit prescriptions electronically and can send prescriptions to Ascension Rx pharmacies for their patients.”

Last week, Office and Professional Employees International Union Local 40 in Macomb Township, Michigan, which represents nurses, radiological technologists and other medical professionals who work at Ascension Providence Rochester Hospital, sent a petition to the hospital leadership demanding that several patient safety measures be put in place while EHRs and other clinical systems are offline (see: Union Demands Patient Safety Fixes in Ascension Cyber Outage).

As of Tuesday, some 232 union members had signed the petition. Dina Carlisle, a registered nurse who works at a non-Ascension hospital and is president of the Local 40 OPEIU RN staff council, told ISMG that Ascension Providence Rochester Hospital has communicated with the union, but it has still not implemented the specific patient safety measures requested in the petition.

Disturbing Trends

The attacks affecting NHS hospitals in the U.K. and Ascension facilities in the U.S. are among the latest hacking incidents that have caused major IT disruptions in the healthcare sector.

“These attacks are most often carried out by ransomware gangs residing in Eastern Europe, and it’s always possible the groups are being provided safe haven by the Russian government,” said Sean Deuby, principal technologist at security firm Semperis.

“In the last year, the LockBit and ALPHV ransomware gangs have conducted nearly 20% of all ransomware attacks and collected more than $1 billion in ransom payments from victims,” he said.

“I highly recommend that hospitals operate based on an ‘assumed breach’ approach. This not only means responding to the attack but being prepared to quickly recover should systems be compromised,” Deuby said.

“A threat actor with enough motivation and resources will find a way to infiltrate most hospitals, and that’s why they should implement solutions and practices for detecting, responding and containing breaches as soon as possible.”

As these assaults continue to surge, it is critical for healthcare sector entities and their major vendors to take action to strengthen their security posture, said Patrick Garrity, security researcher at security firm VulnCheck.

That includes quickly updating and patching systems that have vulnerabilities with known exploitation, he said. “It also means eliminating end-of-line applications and technologies, which can be difficult in a patient care environment due to the complexity involving things like medical devices. This shouldn’t be used as an excuse, though,” he said.

“I can confirm from working with healthcare providers in the U.K. and the U.S. that end-of-life technology is often rampant as healthcare organizations still rely on legacy systems and applications,” Garrity said. Maintaining and testing a backup and disaster recovery plan that includes ransomware scenarios internally and with third-party providers is also critical, he added.

Original Post url: https://www.databreachtoday.com/uk-vendors-attack-disrupts-care-at-london-nhs-hospitals-a-25410

Category & Tags: –

Views: 8

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate