NHS ransomware attackers had been ‘primarily based in Putin’s Russia’
NHS ransomware attackers who left three London hospitals crippled were reportedly based in Russia and hunted by cyber police.
The assault led to major delays to operations, blood tests and transfusions and is being investigated by the National Cyber Security Centre.
There has been a ‘significant impact’ at King’s College Hospital, Guy’s and St Thomas’.
The Telegraph reported the sources of the attack are believed to be based in Russia.
It comes after warnings from experts that the cyber attack could last for weeks.
It was revealed that GP surgeries in six London boroughs have been crippled by the same attack which led to operations and blood transfusions being cancelled.
The attack, which first hit London hospitals on Monday, is affecting Guy’s, St Thomas’, Brompton, Harefield and King’s College Hospital Trusts.
In addition to cancelling potentially life-saving surgeries, the hack has also caused havoc at GP surgeries across six London boroughs.
GP surgeries in boroughs with a combined population of at least 1.8 million people are impacted: Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth.
It is understood IT system Synnovis, which serves NHS pathology labs, was the target of the attack.
A senior source told the Health Service Journal (HSJ) that accessing pathology results could now take ‘weeks, not days’.
It was earlier reported that hospital staff are being forced to cancel key surgeries or send patients to other facilities at short notice, with the attack particularly affecting transfusion services.
The Royal Brompton and Harefield have had to cancel potentially life-saving transplant operations, with Evelina London Children’s Hospital also affected.
A spokesman for King’s College Hospital in London confirmed it was affected by the cyber attack which is reported to have hit several NHS trusts in the capital.
The incident meant some departments could not connect to their main server.
In a letter to staff, King’s said the ‘major IT incident’ was having a major impact on the delivery of services, with blood transfusions particularly affected.
According to the Health Service Journal (HSJ), several senior sources have told it the system has been the victim of a ransomware attack.
One said gaining access to pathology results could take ‘weeks, not days’.
There are suggestions urgent and emergency care at the hospitals will be affected as they may not be able to access quick-turnaround blood test results.
An email sent to staff at Guy’s and St Thomas’ said doctors should only order key tests – including blood tests and swabs – if ‘clinically urgent’.
Another states blood will only be issued to ‘urgent’ cases who have a ‘critical’ need.
Reverend Mandy MacVean told MailOnline her 18-month-old grandson had been due to have a kidney transplant, donated by his mother, at the Evelina Children’s Hospital on Wednesday, but it has now been cancelled.
She said: ‘The family have gone to the hospital today and have now been told that both operations are cancelled due to the cyber attack.
‘These operations only take place once a month so they now have to wait until July.
‘Apart from the baby now having to return to daily dialysis, my son and daughter-in-law have taken time off work for this operation.
‘They also have a three-year-old whose world has already been turned upside down by his baby brother’s condition. This attack could not have come on a worse day.’
Katie Al Nasser’s mother was due to have a nine-hour operation on a cancerous tumour at King’s College hospital today.
That was also cancelled, with staff informing the family it was due to ‘low blood transfusion levels.’
Vanessa Welham from Streatham, south west London, said that her husband’s blood test at Gracefield Gardens health centre was cancelled on Monday evening and he was informed that local centres were not taking bookings for an ‘indefinite period of time’.
She said: ‘My husband received a text message last night advising his appointment this morning had been cancelled due to circumstances beyond their control, and that all major south London hospitals – King’s, St Thomas’, Guy’s, Evelina and Gracefield Gardens – are unable to take any bookings for an indefinite period of time.
‘He went on to the Swift website and made a new appointment – the earliest available was June 17, but that’s probably questionable.’
One patient, Oliver Dowson, 70, was prepared for an operation from 6am on Monday June 3 at Royal Brompton when he was told by a surgeon at about 12.30pm that it would not be going ahead.
He said: ‘The staff on the ward didn’t seem to know what had happened, just that many patients were being told to go home and wait for a new date.
‘I’ve been given a date for next Tuesday and am crossing my fingers – it’s not the first time that they have cancelled, they did it on May 28 too, but that was probably staff shortages in half-term week.’
An email seen by The Mirror read: ‘This is having a major impact on the delivery of our services, with blood transfusions being particularly affected.
‘Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to safely carry out.’
It added: ‘While we do not yet know all the details or how long this issue will take to resolve we will keep you updated through the usual routes, including through the clinical alert system.’
The system targeted by hackers, Synnovis, is run by SYNLAB UK & Ireland and performs more than 32 million pathology tests a year.
The company says it serves 1.7 million people in southeast London each year as it collaborates with the two affected NHS hospital trusts.
NHS officials said they were working with the National Cyber Security Centre to understand the impact of the ransomware cyber attack affecting some London hospitals.
A spokesperson for NHS England London region said: ‘On Monday June 3 Synnovis, a provider of lab services, was the victim of a ransomware cyber attack.
‘This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in south-east London and we apologise for the inconvenience this is causing to patients and their families.
‘Emergency care continues to be available, so patients should access services in the normal way by dialling 999 in an emergency and otherwise using 111, and patients should continue to attend appointments unless they are told otherwise. We will continue to provide updates for local patients and the public about the impact on services and how they can continue to get the care they need.
‘We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our cyber operations team.’
A government spokesperson said: ‘The Department of Health and Social Care, NHS England and the National Cyber Security Centre are working together to investigate a cyber incident affecting a number of NHS organisations in South East London.
‘Patient safety is our priority and support is being offered to the impacted organisations.’
In a statement confirming the attack, Mark Dollar, Synnovis CEO, said: ‘On Monday 3 June, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB – was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.
‘It is still early days and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed.
‘We are working closely with NHS Trust partners to minimise the impact on patients and other service users.
‘Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised.
‘We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.
‘We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be.
‘This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.
‘The incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Centre and the Cyber Operations Team.
‘We will share further updates as we know more, but regret that we are unable to respond to individual queries from the media at this time – thank you for your understanding.’
NHS England has been contacted for comment.