Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A ransomware attack hit services provider Synnovis on June 3rd, causing activity disruption at several major NHS hospitals in London.
Blood transfusions, surgeries, blood tests, and other procedures were postponed, redirected to other clinics, or canceled.
The attack impacted Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast London. Evelina London Children’s Hospital is also on the list of healthcare institutions affected by the Synnovis ransomware attack.
Although they expect full recovery to take several weeks, NHS London said emergency care remains available.
Emergency care continues to be available, including using 111 online as the first port of call for health needs, and only using 999 if it is a serious or life-threatening emergency. Patients should continue to attend appointments unless told otherwise.
Source – NHS London statement on Synnovis ransomware cyber attack
More about the Synnovis ransomware attack
On June 3rd, NHS hospitals that relied on Synnovis for diagnostic and pathology services were unable to connect to the main server. IT experts from both Synnovis and the NHS are now working to contain and respond to the incident.
For the moment, researchers did not reveal how hackers gained access to the pathology services provider’s infrastructure.
Synnovis’ Chief Executive Mark Dollar said the ransomware attack affected all Synnovis IT systems and apologized “for the inconvenience and upset this is causing to patients, service users and anyone else affected”.
The impact of the Synnovis ransomware attack on NHS hospitals put patients’ lives at risk. In the absence of test results and diagnostics services, the hospitals had to cancel or postpone critical operations like blood transfusions or transplant surgeries.
Best practices to prevent ransomware attacks
Cyberattacks can happen to anyone and hackers continue to target healthcare institutions, ignoring that they put peoples’ lives at risk.
The NHS London Statement said that
NHS providers have tried and tested business continuity plans for instances like this, which includes offering mutual aid.
When asked for an opinion on how hackers could still inflict such damage on critical healthcare services, Heimdal cybersecurity expert Robertino Matausch first quoted Helmuth Moltke, “No operational plan extends with any certainty beyond the first encounter with the main enemy force.”.
He further explained what could make a backup or incident response plan fail:
A lot of factors come into play besides cost:
– the complexity of the environment
– failure to understand the complexity
– changing circumstances, so the lack of flexibility of the IT teams to adapt to the change can be a problem
Some IT managers and service providers are not used to thinking in terms of complex threat scenarios. They know their technology, know what it protects against and that’s it. Threat scenarios are much more complex because they have a large number of vectors, so you have to have emergency plans ready for many scenarios.
Recommended ransomware and data loss prevention measures
Cyberattacks grow more and more complex and hackers have made a favorite target out of healthcare services. To keep your data as safe as possible, apply a layered security strategy. Here are some of the most important tools and security best practices that will help prevent ransomware and data loss:
- Use end-to-end encryption for transferring sensitive data
- Patch in time
- Use DNS filtering and monitoring to spot and block malicious communication
- Set-up backup servers, on different platforms, for critical data and services. Develop a data loss prevention strategy.
- Enforce network segmentation to prevent an attack to propagate
- Limit privileged access to mandatory operations only
- Use multi-factor authentication
- Educate employees to identify phishing emails
