NHS Trusts Affected by Qilin Ransomware Attack Postponing Over 1,500 Appointments

Two NHS trusts, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, had to cancel about 1,500 procedures and outpatient visits after the ransomware attack on Synnovis. The impacted NHS hospitals continue to be open and providing care as usual; nevertheless, consultations were postponed as cases that seriously need pathology services and blood tests are being prioritized.

Many phlebotomy visits were postponed. Operations for 97 cancer treatments and 18 organ transplants were also postponed. Five planned c-sections were rescheduled, and over 860 outpatient consultations were canceled.

That number will likely increase considering that other NHS trusts were impacted by the ransomware attack. From June 3 to June 9 alone, 1,500 consultations scheduled were postponed. It is expected that Synnovis could re-establish some IT functions in a few weeks but disrupted services may continue for a couple of months.

The attack still affects blood-matching testing, which has compelled the impacted hospitals to make use of O Positive and O Negative blood for patients who urgently need substitute matching methods. That has resulted in a scarcity of O-type blood, with the NHS addressing the scarcity by asking the public to urgently organize blood donation campaigns throughout the nation, with the big demand probably to go on for many weeks.

Because of the effect of this ransomware attack, some affected hospitals had gotten the help of volunteer medical students to work up to 12 extra hours. Their help would likely be necessary for extended periods as well.

The Qilin ransomware group responsible for the attack informed Bloomberg that they required the victims to pay a $50 million ransom within 120 hours. They additionally stated that they had acquired access to the Synnovis system by taking advantage of a zero-day vulnerability, but they didn’t say which vulnerability they exploited. The Qilin group claims to have included data (potentially including PHI) stolen from Synnovis on its data leak page. It is still under investigation whether the data belongs to Synnovis and if the exposed data is related to NHS.