'Russian criminals' behind hospitals cyber attack
Russian hackers are behind the cyber attack on a number of major London hospitals, according to the former chief executive of the National Cyber Security Centre.
Ciaran Martin told BBC Radio 4's Today programme that the criminal group were "looking for money" by targeting the pathology services firm Synnovis.
Hospitals declared a critical incident on Tuesday after the ransomware attack, which affected blood transfusions and test results.
It also led to operations being cancelled and emergency patients being diverted elsewhere.
'Serious type of ransomware'
King’s College Hospital, Guy’s and St Thomas’ - including the Royal Brompton and the Evelina London Children’s Hospital - and primary care services are among those affected.
Mr Martin told the programme: "We believe it is a Russian group of cyber criminals who call themselves Qilin."
He said the group, which operates on the dark web, operated "freely from within Russia".
The cyber security expert explained that the group had previously attacked automotive companies, Australian courts, and the Big Issue in the UK.
He said: "They're simply looking for money," but said the British government had a policy of not paying ransoms.
He told the BBC that the criminal group were "unlikely" to have known they would cause healthcare disruption when they organised the attack.
He added: "There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn't released, but this case is different.
"It's the more serious type of ransomware where the system just doesn't work."
Mr Martin said the attack was "one of the more serious that we've seen in this country".
When asked about patient data, he said: "It's not really a question of data in this one, it's a question of the services.
"The criminals are threatening to publish data, but they always do that. Here, the priority is the restoration of services."
'Disruption continues'
As of Wednesday evening, the NHS was reporting that disruption continued to affect services at Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and primary care providers in south-east London.
An NHS London spokesperson said: “All urgent and emergency services remain open as usual and the majority of outpatient services continue to operate as normal.
“Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning some patients have had phlebotomy appointments cancelled."
NHS London added: “We are sorry to all patients impacted."
Patients are advised to access services in the normal way by dialling 999 in an emergency and otherwise using NHS 111.
NHS London said patients should continue to attend appointments unless they were told otherwise.
It said it had launched a "cyber incident response team" and that staff were working "around the clock" to minimise disruption.
One patient told BBC London that he was just moments from receiving a heart operation when the hospital cancelled the procedure due to the cyber attack.
Oliver Dowson said the surgeon explained "there was an issue with the blood bank".
He said: "When you've been sitting there since the crack of dawn in a smock waiting to have open-heart surgery, however calm I tried to feel, you still get a bit nervous."
He said he was "upset and angry" about his procedure being rescheduled to next week.
Synnovis, which provides pathology services for the NHS, opened new laboratories in Southwark in April.
The company says it currently processes about 100,000 blood tests a day and serves about two million patients.
Synnovis said it was unable to comment further on the cyber attack.
Listen to the best of BBC Radio London on Sounds and follow BBC London on Facebook, X and Instagram. Send your story ideas to [email protected]