London NHS hospitals revert to paper records after cyberattack NHS The Guardian

pDisruption has affected wider range of health providers than first thought including GPs and community and mental health servicesppA cyberattack thought to have been carried out by a Russian group has forced London NHS hospitals to resurrect longdiscarded paper records systems in which porters handdeliver blood test results because IT networks are disruptedppGuys and St Thomas trust GSTT has gone back to using paper rather than computers to receive the outcome of patients blood testsppSynnovis which analyses blood tests for GSTT is still undertaking the work despite being hit on Monday by a largescale ransomware attack that has caused serious problems for the NHSppA GSTT clinical staff member said Since the attack Synnovis have had to print out the blood test results when they get them from their laboratories which are on site at Guys and St ThomasppPorters collect them and take them up to the ward where that patient is staying or to the relevant department which is in charge of their care The doctors and nurses involved in their care then analyse them and decide on that persons treatment depending on what the blood test showsppThis is happening because Synnoviss IT cant communicate with ours due to the cyberattack Usually blood test results are sent electronically but thats not an option just nowppThe disclosure came as more details emerged about the impact of the latest hacking incident to hit the NHS which Ciaran Martin the former chief executive of the National Cyber Security Centre said had been perpetrated by Russian cybercriminalsppThe attack thought to be by the Qilin gang has forced seven London hospitals run by GSTT and Kings College trust to cancel undisclosed numbers of operations blood tests and blood transfusions and declare a critical incident Between them the trusts provide acute and various forms of specialist care for 2 million people across six boroughs in southeast LondonppThe Guardian can reveal that despite previous denials the hack has also affected the South London and the Maudsley Slam trust Englands largest provider of mental health servicesppProf Ian Abbs GSTTs chief executive said in a letter to trust staff on Tuesday evening that the very significant incident was having a major impact on the delivery of services at our trust Kings trust and primary care services within southeast LondonppDozens of GP surgeries across the region have also had their ability to request blood tests and receive the results affected sources saidppAbbs said that a wider range of services hasbeen affected beyond those which the NHS had acknowledged It is also affecting other hospital community and mental health services across the region he added making a reference to the Slam trustppMartin said the attack on Synnovis had led to a severe reduction in capacity and was a very very serious incidentppRussianbased cyber hackers have done automotive companies theyve attacked the Big Issue here in the UK theyve attacked Australian courts Theyre simply looking for money he addedppMeanwhile a leading expert in IT security warned that the attack could mean blood test results which the NHS is using to guide patients care have been manipulatedppJohn Clark a professor of computer and information security at the University of Sheffield said Patient safety is of paramount concern and the accuracy of results is essential so it is important to stress that unless it is known what has happened to the system the accuracy of any stored data cannot be ensuredppDetermining whether stored data has been manipulated may simply not be possible and tests may have to be rerun and results rerecordedppHackers could also cause mayhem for NHS trusts by targeting their appointments booking systems he warnedppThe outsourcing to companies of more and more functions previously undertaken by government departments and agencies has increased the latters vulnerability to cyberhacking he said Many services are outsourced by government agencies including the NHS Clark said Connectivity with such external systems radically increases the number of entry points for attack on services provision and the systems that combine to provide themppA separate source confirmed to the Guardian that the Qilin group was the assailant It is understood there is no indication of the attack having spread despite Synnovis having contracts with other NHS trusts around the countryppMartin said that the attack appeared to have been made as disruptive as possible in an attempt to secure a ransomppIt does look like a targeted operation designed to hurt so they would have to pay up he saidppThe tech company behind Synnovis Munichbased Synlab was hit by a ransomware attack in April from a different group known as BlackBasta and does not appear to have paid a ransom Typically ransomware gangs extract data from the victims IT system and demand a payment for its returnppData from the hack of Synlabs Italian branch was published online in full last month indicating that no ransom payment had been made It is not illegal in the UK to pay ransomware gangs although it is against the law to pay ransoms if the affected entity knows or suspects the proceeds will be used to fund terrorismppMartin said most ransomware gangs operate within Russia albeit without direct influence from the Russian stateppMost of these groups are Russianhosted and tolerated but not directed by the state Russia is a giant safe haven for cybercrime he saidppQilin is known as a ransomwareasaservice group meaning it hires out malware to fellow criminals in exchange for a cut of the proceeds and also vets who is targetedppLast year victims of ransomware attacks paid out a record 11bn to assailants according to the cryptocurrency research firm Chainalysis double the 2022 totalppRansomware gangs typically demand payment in cryptocurrency which they find easier to move across international boundaries and can be less traceable if certain exchanges are used The average ransomware payment over the past year has risen 500 to 2m 16m according to Sophos a British cybersecurity companyp