A ransomware attack targeting Synnovis, a U.K. healthcare partnership, has significantly disrupted medical procedures in several of London’s largest hospitals.
The incident has prevented hospitals from matching patients’ blood types at a normal frequency. Surgeries and other procedures that require blood must use O type blood, which is safe for all patients; however, blood has a shelf life of only 35 days.
On June 11, the National Health Service’s Blood and Transplant (NHSBT) called for O Positive and O Negative blood donors to “urgently book appointments.”
“Patient safety is our absolute priority. When hospitals do not know a patient’s blood type or cannot match their blood, it is safe to use O type blood,” the NHSBT explained in a statement.
“NHS staff are continuing to go above and beyond to minimize the significant disruption to patients following the ransomware cyber-attack on Synnovis earlier this week.”
More ransomware attacks have targeted medical providers in recent months.
For ransomware gangs, healthcare providers are an obvious target for several reasons:
- Healthcare providers often rely on outdated systems for storing and transferring data.
- Data is often centralized, which raises the potential impact of an attack.
- Key systems may have a large number of authorized users, which establishes more potential vectors of attack.
- Compromised systems must be restored quickly — in many instances, failing to restore data could literally have life-or-death consequences.
The downside, for bad actors, is political; attacks on critical infrastructure draw substantial attention from the public (and from authorities). But as ransomware techniques have become more sophisticated, bad actors have become more audacious.
In May 2024, Ascension, which operates over 140 hospitals across the United States, experienced an ongoing service outage related to a ransomware attack. And from 2022 to 2023, the scale and frequency of ransomware attacks on the healthcare sector nearly doubled.
Ransomware gangs will continue to target healthcare providers for the foreseeable future.
To effectively defend against ransomware, organizations should prioritize the implementation of policy controls that minimize the likelihood of an attack or mitigate its impact. Thoughtful user authorization practices, regular data backups, and comprehensive education on phishing and social engineering can help prevent key systems from being affected by ransomware.
Datarecovery.com offers professional services to assist clinics, hospitals, and businesses in combating the effects of ransomware and recovering their critical data.
From ransomware recovery to penetration (PEN) testing, disaster recovery deployment, and ransomware investigation, we’re dedicated to providing solutions supported by decades of experience. To learn more, submit a case online or call 1-800-237-4200 to speak with an expert.
