Synnovis Cyberattack Highlights Vulnerability of NHS Supply Chains
On Monday, June 3rd, Synnovis—a partnership between two London-based hospital trusts and SYNLAB—fell victim to a ransomware cyberattack. This incident severely disrupted all Synnovis IT systems, causing interruptions to its pathology services. Such supply chain attacks, while increasingly common, pose risks to patient care and safety within the NHS.
In the last few years, we have seen several high-profile supply chain attacks. For instance, the Advanced attack in August 2022 used a double extortion method, both encrypting and exfiltrating victims' files. This incident highlighted the need for robust cyber defences and swift containment measures.
Following the detection of suspicious activity, Advanced’s security team disconnected the entire Health and Care environment. This action limited the encryption and stopped further threat actor activity. However, it also meant that customers lost access to critical systems. The outage affected over 5.5 million patients across Scotland, England and Wales, forcing doctors and medical staff to keep patient files on paper and in email for months, as systems remained offline until mid-October, two months after the attack was discovered.
The impact of the recent Synnovis attack has been just as profound and far-reaching. According to The Guardian, GSTT clinical staff reported that blood test results, usually sent electronically, now had to be printed and physically delivered by porters to various departments. This manual process significantly disrupted patient care, causing delays in treatment decisions.
The Qilin gang, suspected of being behind the attack, forced seven London hospitals run by GSTT and King’s College trust to cancel numerous operations, blood tests, and blood transfusions, prompting the declaration of a “critical incident.” These trusts provide acute and specialist care to 2 million people across six boroughs in southeast London. The ransomware attack also led to an urgent appeal for O blood-type donors across England, as affected hospitals struggled to match patients' blood needs at the usual frequency.
To mitigate such risks, NHS and other public sector organisations should start by adopting several measures to protect against supply chain risks:
- Consistently Monitor and Improve Your Own and Your Suppliers’ Cyber Hygiene, and Identify and Mitigate Vulnerabilities Before Attackers Exploit Them: Implement multi-factor authentication (MFA) and ensure systems are secure by design. Regularly audit the security controls of suppliers and dynamically assess the risks posed by interconnected systems via tools such as Trend’s Attack Surface Risk Management (ASRM).
- Trusted Suppliers: Choose suppliers with robust security practices who have signed up to secure by design principles, like Trend Micro.
- Threat Hunting and Incident Response: Proactively hunt for threats with services such as Trend Micro’s Targeted Attack Detection, which scans for early indicators of compromise (IoCs) using industry-leading threat research and the Trend Micro™ Smart Protection Network™. Develop and rehearse comprehensive incident response plans to ensure quick recovery from breaches.
In the NHS context, cyber incidents should be treated with the same urgency as any event disrupting normal services. Effective emergency planning, response, and recovery are crucial to restoring patient care swiftly after a cyber breach.
By taking proactive measures and fostering a culture of cybersecurity resilience, NHS trusts can better protect their systems and, most importantly, ensure the safety and well-being of their patients.