An update from the victim of the ransomware assault perpetrated by Russian outfit Qilin has revealed further detail of the sensitive data stolen, and the difficulty of restoring impacted systems.
The sensitive data published following the recent cyberattack on pathology provider Synnovis included patients’ names, NHS numbers and details of the type of test procedures they were administered.
Qilin, the Russian cyber gang behind the attack, first announced almost two weeks ago that it had published as many as 300 million items of data stolen in the ransomware assault perpetrated on 3 June. Synnovis last week confirmed that some “patient-identifiable” information was contained in the 4GB of data released on the dark web by the attackers.
Following further investigation, the pathology provider – a joint venture between diagnostics firm Synlab and two major NHS trusts: King’s College Hospital; and Guy’s and St Thomas’ – has revealed that the leaked data includes “information [that] may contain personal data such as names, NHS numbers and test codes identifying the requested test” to be provided to the patient in question.
The stolen information “represents a partial copy of content from Synnovis’ administrative working drives… [that] held information which supported our corporate and business support activities”, according to an update published this week.
“The format and partial nature of what has been published makes it complex to interpret,” Synnovis added. “As is typical in such incidents, it will take some time to conduct a comprehensive analysis in order to identify the full nature of the impacted data, organisations and individuals.”
The pathology firm said that “almost all… IT systems were affected” by the attack. The resulting disruption has meant that many processes – including the analysis of samples and the provision of test results to patients – “have had to revert to paper and manual, rather than electronic, protocols, which has significantly affected capacity and delivery”.
Recovery and response efforts have already made some progress, including the implementation of middleware technology “that simplifies the reporting and transmission of results… [and has] also increased the volumes able to be processed at our Blackfriars hub laboratory”.
“Full restoration of systems will take some time however, and we are working closely with our NHS partners and suppliers to deliver each phase in a safe and secure manner,” the update added.
Since the attack, the NHS has revealed that more than 4,650 operations and appointments – including over 200 scheduled cancer treatments – have been cancelled as a result of the fallout. Pathology operations, meanwhile, have been operating at as little as 10% of their usual capacity, resulting in an urgent call for donations of type O blood – which can be safely used in all patients, minimising the need for testing.
Synnovis’s latest update reveals that NHS entities across the six boroughs defined as south-east London – Bexley, Bromley, Greenwich, Lambeth, Lewisham, and Southwark – have implemented a “mutual aid” plan. Synlab facilities in other parts of the UK and overseas have also pitched in to provide support.
“Every available resource is focused on delivering the interim solutions required to contain impact while continuing to deliver clinically safe services and rebuilding service capacity,” the pathology provider said.
The two trusts that have been principally affected are among the largest in the UK, and typically engage with a collective total of 10,000 patients every day.
Synnovis said that it continues to work with NHS cyber specialists, as well as representatives of law enforcement, the National Cyber Security Centre and the Information Commissioner’s Office, to investigate the attack.
“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry,” said the pathology provider’s chief executive Mark Dollar. “While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.”