A recent ransomware attack in the UK has disrupted health services, with reports of surgeries being cancelled. The attack targeted King's College Hospital and Guy's and St Thomas' Hospital in central London. Representatives from both hospitals confirmed that their partner Synnovis had suffered a major cyber incident.

This has severely impacted the provision of medical services, especially blood transfusions. Some medical operations have been forced to be cancelled or switched to other providers. According to British media, this is a ransomware attack, with patients taking twice as long to get their medical test results.

The attack crippled Synnovis’ IT systems, causing major disruption to the delivery of pathology and healthcare services to thousands of patients. An analysis from Imperial College London has estimated the cost of the recent London cyberattack at nearly £6 million (€7 million).

Ransomware attacks are attacks in which malware blocks people from accessing data files, forcing victims to pay for access. Cyber ​​experts say the trend is growing, especially in the healthcare sector.

“The healthcare sector is increasingly being targeted, as digitalization has unintentionally expanded the attack surface and given rise to phishing and ransomware attacks,” said Laura Heuvinck, spokesperson for the EU Agency for Cyber ​​Security (ENISA).

An ENISA report published last year found that ransomware attacks accounted for 54% of cyber incidents in the sector between January 2021 and March 2023, and that this type of attack was considered “the top threat in the healthcare sector.” However, the agency said that only 23% of healthcare organizations had a dedicated ransomware program in 2023.

The report, which covers part of the Covid-19 pandemic, said the healthcare sector was a major target, with most ransomware attackers motivated by financial gain. Another report from the French Digital Health Agency in May confirmed “a continued presence of maliciously-sourced incidents” in 2023, with 581 reports of cyberattacks in the healthcare sector, at least half of which were malicious.

Meanwhile, according to a report by software company Emsisoft, ransomware attacks targeting US hospitals increased sharply in 2023, affecting 46 US hospital systems, spread across 140 hospitals. At least 32 hospital systems had their protected health data stolen.

Hospitals can be at risk when they “talk to a lot of different vendors,” making their systems more “open,” said Alan Woodward, a computer security expert at the University of Surrey in the UK.

“The more connections you have, the wider the attack surface, and therefore the more opportunities for criminals to get in,” he said. Experts advise that it is important not to pay ransoms, with some even pushing for an international ban on such payments.

“The advice is always don't pay because: A - you just encourage the criminals and B - you can't get your data back,” Emsisoft threat analyst Brett Callow stressed.

LAM DIEN