
Time: 2024-07-19

Impact of Cyberattack on NHS Hospitals: Insights


Impact of Cyberattack on NHS Hospitals in London

More than a month after the devastating Qilin cyberattack against NHS England, patient appointments are still being cancelled as a direct result of the disruption. According to reports published by NHS England, the Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust, in the week ending 7 July, 1,286 acute outpatient appointments and 100 elective procedures had to be postponed. Since the attack on 3 June, a total of 6,199 acute outpatient appointments and 1,491 elective procedures have been postponed at King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust. The widely reported disruption was caused by a ransomware attack on NHS England pathology lab partner Synnovis.

According to Dr Chris Streather, Medical Director for NHS London, improvements are being made and the number of appointments being postponed is falling week-on-week. In the first week, 814 elective procedures were postponed, compared to 136 in the most recent reporting period.
"This is still having a significant impact on patients, and I understand it is distressing when a procedure is postponed. Across the capital we continue to work with our NHS colleagues to provide mutual aid to ensure minimal disruption to people's care, especially in South East London. Working in partnership, NHS organizations across London are developing plans for the restoration of services," said Streather.

As a result of the attack, the two NHS Trusts most impacted have been forced to use more O-positive and O-negative blood, leading to a reduction in supplies nationally. At the moment, pathology services in some areas of London are running at almost half capacity as they struggle to keep up with the disruption. The investigation into the attack is ongoing, with Synnovis continuing work on restoring its most essential digital infrastructure.

Earlier this month, the founding CEO of the UK's National Cyber Security Centre (NCSC) warned that outdated NHS systems are endangering its security and increasing vulnerability to cyberattacks.
Let's revisit the Qilin ransomware group, which recently drew considerable attention due to an attack on the healthcare sector. The highest ransom demand they issued was 0 million during their assault on Synnovis, a pathology services provider. This attack had profound impacts on several key NHS hospitals in London.

Qilin Ransomware Group and Cyberattack Techniques

First identified in July 2022, Qilin has rapidly gained notoriety by launching its Ransomware-as-a-Service (RaaS) operations on underground forums as of February 2023. Originally evolving from the Agenda ransomware, which was developed in the Go programming language, Qilin has since been redeveloped using Rust, reflecting a shift towards more robust and efficient malware construction techniques. Qilin, also known as Agenda Ransomware, has been particularly active and successful in its operations, having compromised over 150 organizations across 25 countries and spanning a diverse array of industries. In this blog, we aim to unpack the sophisticated techniques and procedures employed by Qilin, insights we've gathered through meticulous efforts by our Threat Intelligence and Digital Forensics and Incident Response (DFIR) teams in recent incident responses.

For initial access, the threat actor exploits well-known vulnerabilities in Fortinet devices. In some cases, organizations use firewall clusters running on different software versions; sometimes, one of these versions is vulnerable. Another tactic involves leveraging the CVE-2023-27532 vulnerability found in internet-facing Veeam Backup & Replication software. Successfully exploiting this vulnerability enables attackers to access encrypted credentials from the configuration database.

Upon execution, the ransomware seeks to elevate its privileges to the SYSTEM level. It accomplishes this by using an embedded Mimikatz module to steal the user token from a process such as lsass.exe, winlogon.exe, or wininit.exe. The ransomware then uses this stolen token to launch a new process under the security context of the acquired token.

To remove evidence of malicious activity, once it has completed all tasks the ransomware periodically clears the Windows Event Logs in a separate thread using specific commands.
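
Because the clearing described above repeats on a timer, it leaves a pattern that a central log collector can detect. The following is an added example, not code from the original article: it flags hosts whose logs are wiped in regularly spaced rounds, using Windows Event ID 1102 (Security audit log cleared) and 104 (log file cleared, System channel). The JSON field names, thresholds, host names and sample events are assumptions constructed for illustration, and the check presumes events are forwarded off the host before the next wipe.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Windows records a log wipe in the log that was just wiped:
# 1102 = Security audit log cleared, 104 = a log file was cleared (System).
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample of forwarded events (JSON lines); hosts and times are made up.
SAMPLE = """\
{"host": "FS01", "channel": "Security", "id": 1102, "time": "2024-06-03T02:00:05"}
{"host": "FS01", "channel": "System", "id": 104, "time": "2024-06-03T02:00:06"}
{"host": "FS01", "channel": "Security", "id": 1102, "time": "2024-06-03T02:10:04"}
{"host": "FS01", "channel": "Security", "id": 4624, "time": "2024-06-03T02:11:00"}
{"host": "FS01", "channel": "Security", "id": 1102, "time": "2024-06-03T02:20:06"}
{"host": "FS01", "channel": "Security", "id": 1102, "time": "2024-06-03T02:30:05"}
{"host": "WS17", "channel": "Security", "id": 1102, "time": "2024-06-03T09:15:00"}
{"host": "WS17", "channel": "Security", "id": 4624, "time": "2024-06-03T09:16:00"}
"""

def find_repeated_clearing(lines, min_rounds=3, burst_secs=30, max_jitter=0.2):
    """Return {host: finding} for hosts whose logs were cleared repeatedly."""
    clears = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        if (ev["channel"], ev["id"]) in CLEAR_EVENTS:
            clears[ev["host"]].append(datetime.fromisoformat(ev["time"]))
    findings = {}
    for host, times in clears.items():
        times.sort()
        # Collapse clears of several channels in one pass into a single round.
        rounds = [times[0]]
        for t in times[1:]:
            if (t - rounds[-1]).total_seconds() > burst_secs:
                rounds.append(t)
        if len(rounds) < min_rounds:
            continue  # a single clear may be routine admin work; triage separately
        gaps = [(b - a).total_seconds() for a, b in zip(rounds, rounds[1:])]
        avg = mean(gaps)
        findings[host] = {
            "rounds": len(rounds),
            "mean_gap_s": round(avg),
            # Near-constant gaps indicate a timer-driven loop rather than a person.
            "periodic": pstdev(gaps) / avg <= max_jitter,
        }
    return findings

if __name__ == "__main__":
    print(find_repeated_clearing(SAMPLE.splitlines()))
```

On the constructed sample, FS01 is reported with four clearing rounds about ten minutes apart, while the single clear on WS17 stays below the threshold and is left for ordinary triage.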
