delayed treatments but also contributed to a backlog that took months to clear , straining the staff and impacting the NHS services .
The ransomware attack on Synnovis , who provides vital pathology services , including blood tests and transfusions , in 2024 is one of the more recent devastating attacks on the NHS . It affected seven hospitals , managed by two NHS trusts , Guy ’ s and St Thomas ’ NHS Foundation Trust , and King ’ s College Hospitals NHS Trust .
The attackers , Qilin hacking group , followed through on their threat to release the stolen data they had obtained , to the public , after Synnovis refused to pay a £ 40 million ransom to them . As a result , a host of confidential data was exposed , leaving the NHS working to try and minimise the damage and protect the privacy of as many affected patients as possible .
The patient data that was publicised included patient names and their dates of birth , as well as their NHS number and descriptions of blood tests that have been performed . The impact of the attack has meant that 800 + operations were postponed , 1,294 hospital outpatient appointments were postponed in just a week and a host of cancer treatments were forced to be rescheduled .
There is no quick fix when it comes to defending against the Ransomware attacks on the NHS . And , unfortunately , unlike other public services , healthcare cannot afford service downtimes due to the lifesaving work clinicians and nurses carry out every minute of the day . However , it is clear that a new approach to IT security that acknowledges the disruptions caused by these attacks is essential .
When looking to solve the issue , it would be wise to start with the procurement
NHS organisations allocate only 1 – 2 % of their running costs to IT services , far below the 4 – 10 % spent in other sectors . process . In its current state , healthcare is burdened with outdated IT and security infrastructure . This one size fits all solutions , are expensive and often are not specifically tailored to the NHS ’ s needs . This is because the current model favours a small group of vendors who provide generic solutions at inflated prices .
Look at it this way , when many trusts are using the same public cloud hyperscaler , which has adopted identical security postures , it is inevitable that a breach at one organisation will be rapidly exploited and repeated in others . Therefore , it ’ s fair to say that the NHS is paying vast amounts of money for systems that still lack the proper protections .
To combat this , there must be a shift towards security-focused , healthcarespecific procurement . This would enable trusts to adopt tailored solutions that prioritise patient data .
Another solution is to train staff to have the expertise to properly handle cyber security in-house . The reason for this is that if you are completely reliant on a third party for help , you are in trouble if they do not react quickly enough . For example , relying
Images for illustration only
INTELLIGENT TECH CHANNELS 41