Skip to main content


In June of last year, a Russian cybercrime gang called BlackCat hacked the Barts Health NHS Trust, a part of the UK’s National Health Service (NHS) that operates several hospitals in London and published some of the stolen data online in an extortion attempt. Last month, a group known as Ransom, released a huge trove of data – three terabytes’ worth – obtained from a hack of the NHS Dumfries and Galloway, a board overseeing a region of Scotland for the health service. And last week, hackers launched a ransomware attack against a key NHS partner and third-party supplier, Synnovis, a company that helps manage blood transfusions and lab services for hospitals under the Guy’s and St Thomas’ NHS Foundation Trust and the King’s College Hospital NHS Foundation Trust. The attack crippled services at these hospitals and they were unable to carry out blood transfusions.


The incidents highlight the many cybersecurity challenges facing the NHS, which delivers care to the UK’s 68 million residents through a network of 229 trusts across the kingdom. This extensive network makes the NHS the custodian of one of the richest and most comprehensive national health datasets globally. With 1.7 million employees, the NHS is also one of the world’s largest employers, surpassed only by the U.S. and Chinese militaries, Walmart Inc., and McDonald’s Corp. Such scale makes it an attractive target for financially motivated cybercriminals who increasingly target healthcare organizations to damage or disrupt IT systems and extort large ransom payments. In addition to recent hacks, the NHS was one of the most prominent victims of the 2017 WannaCry attack, an early ransomware strain that disrupted services at a third of NHS trusts and forced the temporary closure of several emergency rooms. Simon Newman, a Director at Cyber London commented:

“This is a significant attack which appears to be yet another incident affecting a third party supplier. These types of attack are becoming increasingly favoured by cyber criminals, causing major disruption to the delivery of services. As large organisations improve their cyber security, criminals look for vulnerabilities in the supply chain. The problem is so prominent that the NCSC recently published revised guidance on securing supply chains.”


The London hospitals were forced to revert to using long-abandoned paper records systems, with porters hand-delivering blood test results due to IT network disruptions. Guy’s and St Thomas’ Trust (GSTT) has resorted to using paper instead of computers to receive patients’ blood test outcomes. Despite the large-scale ransomware attack on Monday, Synnovis, which analyses blood tests for GSTT, continues its work, though the attack has caused significant problems for the NHS. A GSTT clinical staff member said:

“Since the attack, Synnovis have had to print out the blood test results when they get them from their laboratories, which are on site at Guy’s and St Thomas. Porters collect them and take them up to the ward where that patient is staying or [to the] relevant department which is in charge of their care. The doctors and nurses involved in their care then analyse them and decide on that person’s treatment, depending on what the blood test shows. This is happening because Synnovis’ IT can’t communicate with ours due to the cyber-attack. Usually, blood test results are sent electronically, but that’s not an option just now.”

The ransomware attack has also increased the demand for the donation of O-type blood. For surgeries and procedures requiring blood, hospitals need to use O- type blood, as it is safe for all patients. Since blood has a shelf life of 35 days, stocks must be continually replenished. Doctor Gail Miflin the Chief Medical Officer at NHS Blood and Transplant, said:

“When hospitals do not know a patient’s blood type or cannot match their blood, it is safe to use O-type blood. To support London hospitals to carry out more surgeries and to provide the best care we can for all patients, we need more O negative and O positive donors than usual.”

Professor Stephen Powis, the Medical Director for NHS England, elaborated on how the attack had directly impacted patients:

“We know that a number of operations and appointments have been postponed or diverted to other neighbouring hospitals not impacted by the cyber-attack, as we prioritise pathology services for the most clinically urgent cases.”


According to a report by Cisco Systems Inc.’s Talos threat intelligence division, healthcare providers were the most targeted by ransomware gangs last year. Cisco attributed this to the healthcare sector’s generally underfunded cybersecurity budgets and low tolerance for downtime. Cybercriminals have repeatedly breached various parts of the healthcare sector, from major hospital systems to one of America’s largest health insurance companies. Last year, the FBI received more reports of ransomware attacks in healthcare and public health than in any other of the 16 industries that the U.S. government designates as critical infrastructure. Martin Lee, Cisco’s UK-based technical lead of security research explained one of the reasons why the healthcare sector is such a prime target for ransomware attacks:

“When health-care systems and data are unavailable, lives are potentially at risk. This makes the sector a tempting target for criminals. Outages ply pressure on management to pay off the attackers to restore availability quickly. However, paying the ransom means that these attacks remain profitable and ultimately only serves to encourage further attacks.”

A London-based cybersecurity and technology expert, Brad Freeman, explained why third-party suppliers increase the risk and cyber vulnerabilities for the medical industry:

“Suppliers such as Synnovis are life-critical elements of the NHS supply chain. This data breach demonstrates how difficult securing systems from multiple independent suppliers and the potential impact to operations.”


Izak Oosthuizen, Founder and CEO of Zhero, London’s #1 end-to-end Cybersecurity and IT Support for SMEs and best-selling Amazon author, explained why many businesses are inadequately protected against ransomware:

“Sadly, organisations still rely on just antivirus or just a firewall to safeguard them. Antivirus and firewalls are no longer enough. You have to take a multilayer security approach to protect yourself from ransomware – at the very minimum you have to get internet protection to ensure that all your internet traffic is secure and proactively avoid the encryption of their data.”

Izak’s wise words lead us on to Zhero’s comprehensive cybersecurity package, Protect It Better. With Protect IT Better, Zhero will help you develop and implement a cybersecurity strategy that works for your business and protects it against all cyber threats, including dreaded ransomware. Our Protect IT Better security offering is based on zero trust principles and designed to crush your cybersecurity risk. Contact us today and find out how we Protect IT better by delivering better IT faster.

Leave a Reply