Latest news with #Synnovis
Arabian Post
3 days ago
- Health
- Arabian Post
Healthcare Ransomware Shockwaves Expose Critical Vulnerabilities
A major ransomware assault on a leading diagnostic and pathology services provider has sent healthcare operations into disarray, pausing thousands of patient procedures, crippling essential services like blood transfusions and cancer screenings, and exposing sensitive patient data across multiple hospitals. Investigators have attributed the attack to the Qilin ransomware group, known to operate under Russia's ransomware-as-a-service infrastructure. The breach exploited weak multi-factor authentication, excessive privileged access, orphaned accounts and insufficient endpoint protection, enabling attackers to penetrate deeper into connected hospital systems and halt critical workflows. Patient safety was immediately compromised when blood flow tests and cancer diagnosis processes were suspended. Internal communications from affected hospitals indicated emergency reliance on paper systems and patient diversions to unaffected facilities. In London, a Qilin attack on the Synnovis pathology partner on 3 June led to over 1,100 surgeries and nearly 2,000 outpatient appointments being rescheduled—or cancelled entirely—due to disrupted access to test results and blood supplies. More than 50 organ transplants required reallocation to alternate sites. ADVERTISEMENT The breach has also prompted the release of thousands of blood test files and other personal data onto dark web leak platforms, heightening the risk of identity theft and fraud. The compromised information includes full names, addresses, dates of birth, medical histories and insurance records. In North Carolina, a similar attack by the ransomware group SafePay targeted a major pathology firm in mid-January, later affecting over 235,000 patient records—a breach officially reported to the U.S. Department of Health and Human Services on 22 May. Healthcare systems rank among the most targeted industries. Microsoft's Threat Intelligence Briefing shows a 300 per cent rise in ransomware attacks since 2015, with the sector enduring one of the highest rates of impact due to its dependence on continuous digital operation. Daily downtime costs may reach US $900,000, underscoring the steep financial stakes alongside clinical liability. The motivations behind these attacks differ from those aimed at financial institutions. While banks are targeted for direct financial gain, ransomware in healthcare also exploits urgency and ethical pressure—where patient lives are at risk—to extort quicker payments. Attackers commonly leverage double extortion tactics, threatening both to encrypt systems and publicly disseminate sensitive data if demands are not met. Recovery from such incidents is often hampered by bureaucratic red tape. Hospitals are typically required to submit detailed assurance or attestation letters before reconnecting with third-party vendors—processes that can take days and exacerbate service disruption. Experts argue for streamlined protocols, proposing primary approval from central incident-response agencies to accelerate recovery. Resilience remains patchy. A confluence of legacy systems, fragmented infrastructure, under-resourced IT teams and delayed security patching has left healthcare networks highly vulnerable. A study by the U.S. Department of Health and Human Services revealed a 93 per cent rise in large breaches from 2018 to 2022, with ransomware accounting for a 278 per cent spike. Surveys indicate nearly two-thirds of hospitals report patient-care disruption during ransomware incidents, 28 per cent cite higher mortality rates, and breaches have measurably worsened outcomes, with heart attack mortality increasing by roughly 0.3–0.4 percentage points following data breaches. Analysts emphasise that governance and organisational discipline are as crucial as technical defences. Key measures include enforcing multi-factor authentication, conducting regular access reviews, deploying endpoint detection and response, and swiftly applying security patches. Adopting zero-trust architectures with microsegmentation has proven effective at limiting lateral movement, as demonstrated by recent deployments in paediatric hospital networks. Yet, major gaps remain in consistent implementation. The United Kingdom's National Cyber Security Centre is urging healthcare providers and their vendors to learn from these failures. They recommend joint incident response drills involving IT, clinical and emergency teams to ensure operational coordination. Information-sharing frameworks like Health-ISAC are also being promoted as 'virtual neighbourhood-watch' systems to advise organisations about threat activity and mitigation tactics.
The National
30-01-2025
- Health
- The National
UK health leaders highlight need to share data safely to propel digital era
UK health chiefs have underlined the need to protect a treasure trove of medical data as the industry embarks on a new digital era, amid the growing threat posed by cyber criminals to hospitals and their patients. Speaking at the Arab Health conference in Dubai, senior NHS officials said there was huge potential in vast amounts of data mined in UK hospitals and clinics, every day. Health data could be used to improve patient care, and the way they interact with treatments and medications, while also helping hospitals operate with greater efficiency. 'Our inability to transfer data is a problem to us and continues to be a problem,' said Ged Byrne, director of global health, NHS, a surgical oncologist. 'We have 76 years of unfiltered data, for the largest and oldest universal health public system in history. The amount of data that could potentially be useful if cleaned is limitless, and could potentially have a very positive impact on world health. That is for shaping healthcare response, pathway spend and governance. We've got data on just about everything you can possibly think of, it's genuinely big and extraordinary.' Challenges include how to store huge volumes of data, and share it securely with other health systems around the world, including the UAE. Cyber attacks on health systems have impacted millions of patients around the world in recent years, leaking sensitive information from names and social security numbers, to credit card numbers, medical data and sensitive clinical information. In June last year, NHS England confirmed patient data was stolen in a ransomware attack by a Russian cyber criminal group. More than 3,000 hospitals and GP surgeries were disrupted as criminals attempted to extort money from the pathology testing company contract by the NHS, Synnovis. 'We're doing a million interactions over 16 hours, and our ability to record that in the data is improving, but sharing data is the issue,' Prof Byrne told The National. 'We have not yet developed a safe mechanism which satisfies all parties. There needs to be a much clearer set of standards against which we share data – that's really important, to understand how we leverage that data.' Medical tourism is a major aspect of the UAE's health industry. UK health institutions view the UAE and wider GCC as prime locations to establish outposts of existing hospitals and clinics. London's Kings College Hospital has a gleaming centre in Dubai Hills, while Moorfields Eye Hospital also has centres in Dubai and Abu Dhabi. NHS leaders were in the UAE during Arab Health to discuss further collaboration and sharing of innovation, including the greater use of advanced technology. Ayub Bhayat, director of data services and deputy chief data and analytics officer at NHS England, said the use of AI will process the data to speed up care, cut waiting times and find new ways to deliver existing drugs for several conditions. 'We're on a journey to organise all the data assets into one repository, so AI will then do the heavy lifting, making clinicians' lives easier to focus on the really important stuff,' Mr Bhayat said. Mr Bhayat was responsible for the largest non-clinical procurement in NHS history – the £330 million ($410 million) Federated Data Platform – and is now leading the strategy of data transformation for the NHS. The platform is being used to resolve common problems facing the NHS such as elective waiting lists and hospital capacity. It is being used by 71 NHS organisations. AI can maximise availability in surgical theatre, by prioritising patients based on their clinical data. In each hospital where it is used, doctors are seeing 119 extra patients a month, Mr Bhayat said. Drug discovery is another area due to benefit from improved AI systems and data collection. By locating the right patients for the right trials, it is hoped AI can find wider suitability for certain medicines. A vaccine for shingles, anti-inflammatory drug Ibuprofen and some antiviral drugs have already been found to potentially delay the onset of dementia, in early research. 'These models can be run at speed as well to understand the impact of that drug,' said Mr Bhayat. 'Since we've implemented this data platform, there's been a 54,000 additional surgeries taking place – that's just using existing capacity of existing people. As we get more and more sophisticated, Generative AI will see the models start to self learn even more.' Staffing and the global health workforce was another topic for discussion with NHS leaders during Arab Health. A long-standing global health worker shortage has gathered pace since the pandemic. In the US, hospitals heavily rely on foreign workers, with more than 2.6 million immigrants working in healthcare roles. Meanwhile in the UK, Filipino workers make up 27 per cent of healthcare staff. A shortfall of 10 million health workers worldwide has been predicted by the WHO by 2030, with one in five nurses considering leaving the profession in the UK, Canada, the US, France and Belgium. Matthew Trainer, chief executive of Barking, Havering and Redbridge University Hospitals NHS Trust (BHRUT) employs more than 8,000 staff. Speaking at Arab Health, he told The National competition has made it harder to recruit staff. 'Internationally, we all have the same set of challenges; the ageing population and workforce,' Mr Trainer said. 'The pandemic has been a challenge because people have seen what it's like to work at the very sharp end of acute healthcare, and that was a very difficult phase for everybody. 'What we still see coming through in our newer recruits is people are attracted to the values of the NHS, particularly a younger workforce. 'Health care is an area where when you do your job well, someone else's life is better. If we get it right for them, it really is life changing.'
