- A ransomware attack went to a medical care organization in the United Kingdom
- Interruptions to patient care contributed tragically to the death of a patient.
- Criminals point to critical services, since they are likely to pay the rescue
Ransomware attacks are devastating for the victims, but this has now reached a new and tragic level, with the National Health Service of the United Kingdom (NHS) confirming that an attack on London hospitals in 2024 that forced the ambulances that fade and interrupted blood tests have contributed to the death of patients.
This attack directed Synnovis, a pathology service based in London, and the Qilin cybercriminal group caused serious interruptions to blood test services, and the delay in a blood test was a “contributing factor” to the death of a patient.
Around 800 operations and 700 outpatient appointments were canceled or reprogrammed due to the attack, and it is suspected that personal information such as names, birth dates, NHS numbers and even blood analysis data have been committed and published in the incident.
Tragic consequences
Cybercriminals are aimed at critical infrastructure, such as hospitals, because they are likely to pay rescues to put into operation the services with minimal interruptions to protect patients, but this, of course, requires a level of interruption regardless of what.
“A patient sadly died unexpectedly during the cyber attack,” confirmed the King’s College Hospital NHS Foundation Trust.
“As is the standard practice when this happens, we carried out a detailed review of your care. The investigation of the patient’s safety incident identified a series of contributing factors that led to the death of the patient. This included a long wait for a result of the blood test due to the cyber attack that impacts the pathology services at the time. We have met with the patient’s family and share the findings of the safety research with them.”
It is said that Qilin, the ransomware gang, demanded $ 50 million of Synnovis in exchange for stolen data, but the reports suggest that Synnovis refused or could not pay the rescue, and the data was published online.
This is in line with the prohibition of payment of government ransomware for public organizations, whose objective is to deter the gangs of public services ransomware.
Through The record
