The recent cyber attack on Synnovis has made front-page news over the last few days due to its significant impact on pathology services at London hospitals and the subsequent increased requests for blood donors. The Future Blood Testing Network Plus has consulted researchers, Prof Carsten Maple and Dr Gregory Epiphaniou, from the Secure Cyber Systems Research Group at WMG, University of Warwick, to gain insight into why this attack has severely affected pathology services.
A recent cyber attack has caused significant challenges for NHS Blood and Transplant leading to the organisation issuing an urgent appeal for blood donations.
It is becoming commonplace to read or hear about a new cyber attack in the public or professional media. The UK has seen a sharp rise in severe cyber attacks, particularly those aimed at extorting money from the victim – ransomware attacks. According to the National Cyber Security Centre (NCSC), the number of ransomware attacks surged by over 27% in the past year. The NCSC received 2,005 incident reports in 2023, a 64% increase from the previous year, with 371 of these being severe enough to involve their Incident Management team (NCSC Annual Report, 2023).
Ransomware attacks have impacted a broad spectrum of sectors, from healthcare to cultural institutions such as the British Library attack in October last year.
The rise in ransomware is fuelled by a criminal ecosystem where cybercrime services can be easily procured. This allows attackers to execute ransomware attacks effectively. These criminals typically demand payments in cryptocurrencies including Bitcoin, which are difficult to trace. Even if the ransom is paid, victims may not regain access to all their files (Joint Committee on National Security Strategy, 2023).
The attack early this week on Synnovis, a pathology service provider for major London hospitals, disrupted the ability to match patient blood types. This led to an urgent appeal for O-type blood donors. O Positive blood can be given to anyone with a positive blood type, benefiting three-quarters of the population, while O Negative, known as the universal blood type, can be given to any patient (BBC News, 2024a).
The suspected perpetrators of the attack are the Qilin ransomware cyber gang, a Russian group recognised for operating a ransomware-as-a-service model over the last two years. In this instance, the attackers likely accessed Synnovis’ systems by sending phishing emails. Then, they will then have used IAX Active Directory security to increase their privilege level and propagate throughout the network. To coerce victims into paying the ransom, the Qilin gang uses double extortion, encrypting data and exfiltrating private information. The first extortion concerns requiring a payment in exchange for the decryption keys so that the victim can recover information that is encrypted, and the second requires payment to prevent release of the private information. This latest incident is reflective of a growing pattern of attacks on the healthcare industry, with similar attacks affecting SYNLAB Italia in April 2024 and the NHS Dumfries & Galloway in March 2024.
The NHS has announced that recovery from the attack could take months, and given recent attacks that is likely to be the minimum disruption. The impact of cyber attacks can be profound and long-lasting. The cyber attack on the British Library led to a major technology outage, causing substantial damage. This has required the installation of a new computing infrastructure, and despite efforts to restore services, disruptions persist. In November, the attackers released some of the library’s data onto the dark web, including personal user information (British Library, 2024). It is unknown which information has been captured in the Synnovis breach, but it is likely that at least some of that will be donor personal information and will be released in some way – the attackers wanting to show they will make good on their threats as a message to future victims. It is likely that as with the British Library, Synnovis and the NHS will work with NCSC to understand and recover from the attack. Despite the escalating threat, less than half of organisations have a formal ransomware plan – indeed it has recently been reported that 8% of victims have resorted to paying ransom demands (Thales, 2024).
The increase in cyber attacks underscores the urgent need for robust cybersecurity measures. Organisations need to develop comprehensive plans to address ransomware threats and invest in resilient defenses. Continuous research and investment in cybersecurity are essential to protect critical national infrastructure, maintain public trust, and ensure national security. Addressing these challenges head-on is crucial for the UK’s resilience against the evolving cyber threat landscape (Craig, 2018; Royal Society, 2022).
Authors
Prof Carsten Maple is Director of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research and Professor of Cyber Systems Engineering at the University of Warwick. He is also a co-investigator of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, is the Research Innovation Director at EDGE-AI, the National Edge Artificial Intelligence Hub, and is a Fellow of the Alan Turing Institute.
Dr. Gregory Epiphaniou is an Associate Professor of Security Engineering at the University of Warwick, focusing on bid support, applied research, and publications. His research includes threat source characterisation and wireless communications, mainly on crypto-key generation through V-V channels. He has led and contributed to research projects worth over £20M, funded by EPSRC, IUK, and local authorities. He holds industry certifications in Information Security and has collaborated with the UK MoD. He is a subject matter expert at the Chartered Institute for Securities and Investments, a technical committee member for scientific conferences, and acted as a key member in forming the UK Cybersecurity Council WS5.
References
BBC News, 2024a. O-type blood donors needed after London cyber-attack. [online] Available at: https://www.bbc.co.uk/news/articles/c2eeg9gygyno.
British Library, 2024. British Library cyber incident review. [online] Available at: https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf.
Craig, A., 2018. Effective cyber security research can support the resilience of our digital and physical infrastructures.
Joint Committee on National Security Strategy, 2023. A hostage to fortune: ransomware and UK national security. [online] Available at: https://publications.parliament.uk/pa/jt5804/jtselect/jtnatsec/194/report.html.
NCSC Annual Review, 2023. https://www.ncsc.gov.uk/collection/annual-review-2023
Royal Society, 2022. Continuous investment in cybersecurity to counter evolving risks.
Thales, 2024. Thales data threat report reveals rise in ransomware attacks, as compliance failings leave businesses vulnerable to breaches. [online] Available at: https://www.thalesgroup.com/en/worldwide/security/press_release/2024-thales-data-threat-report-reveals-rise-ransomware-attacks.