Increases in Ransomware are set to continue.
Operations have been cancelled at several of London’s largest hospitals, and a critical incident emergency status declared, following a ransomware attack on a third-party provider leaving healthcare professionals without access to pathology services. The attack, which was detected on Monday, impacted a company called Synnovis that provides pathology services, such as blood tests for transfusions, to a number of healthcare organizations, according to reports and internal emails published on social media. Why it matters:
Ransomware Attacks on Healthcare Sector:
The Synnovis ransomware attack shares a concerning trend of cyber attacks on the health sector, particularly ransomware. According to the Information Commissioner’s Office, there have been 215 ransomware incidents in the UK’s health sector since 2019. These attacks disrupt essential services, possibly threatening patients’ lives and personal data.
Reporting and Regulatory Issues:
Despite a decrease in reported cyber attacks from 106 in 2022 to 32 in 2023, both the Information Commissioner’s Office and the National Cyber Security Centre have expressed concern about a possibly significant number of unreported ransomware incidents. This lack of transparency could undermine efforts to tackle the issue effectively and prevent future attacks.
Impact on Patient Services and Data:
The attack on Synnovis has led to a major disruption of services such as blood transfusion, potentially putting patients at risk. Meanwhile, patient data continues to be a significant target for cyber extortionists, as illustrated by the Medibank incident in Australia in 2022, where sensitive data of around 480,000 individuals was published online.
