Three NHS hospitals in London have been forced to divert ambulances and cancel operations after they were hit by a cyber attack.
The attack has so far affected a number of trusts in the UK capital, with Guy’s and St Thomas’ and King’s College Hospital among those disrupted by the attack.
The attack is apparently affecting pathology services, according to an email from Professor Ian Abbs, chief executive officer of Guy’s and St Thomas’ NHS Foundation Trust, which was seen by The Sunday Times (via Metro).
Canceled transplants and major surgeries
The letter states, “I can confirm that out pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers.”
The letter continues to explain that primary care across south east London is being affected, with blood transfusions taking a significant hit from the attack. The letter also stated that an incident response team is investigating the attack.
Responding to the news of the attack, Trevor Dearing, Director of Critical Infrastructure at Illumio said, “NHS systems are a prime target for cybercriminals because one tiny breach can impact multiple entities. This is another example of why breach containment is paramount – containing attacks at the point of entry can dramatically reduce the impact of a breach.”
“The ‘chaos factor’, the act of causing mass societal upheaval, is now the driving force behind many cyberattacks, and healthcare is one of the few sectors where cyberattacks can fatally impact human life,” Dearing continued.
“The fact the attacker gained access to the network through a third-party IT supplier isn’t a surprise. Many healthcare organisations are reliant on these systems to function, and as seen in the Capita IT attack, when these providers are hit, it can have widespread repercussions.”
“This is another example of the importance of supply chain security and why hospitals must ensure security controls extend to their third-party software providers. Cybercriminals will always go after the weakest link to gain access to more valuable systems. This is why it’s important to implement a Zero Trust approach. Based on the mantra of “never trust, always verify”, healthcare organisations can tightly control access to critical systems and prevent unauthorised entities from accessing them,” Dearing concluded.
The attack, which is thought to have occured on Monday, comes weeks after NHS England released data showing that the UK public is not confident about NHS cybersecurity at all.
More from TechRadar Pro
- Here is our guide to the best endpoint protection tools on offer
- It's been a bad week for public cybersecurity
- These are the best malware removal tools around