Several London hospitals, still under significant strain more than a week after a cyberattack crippled services, have asked medical students to volunteer to help minimise disruption, as thousands of blood samples have had to be
Synnovis, in an email sent on Monday to primary health providers, said that thousands of blood test samples would probably have to be destroyed because of the lack of connectivity to electronic health records. In a statement on Wednesday, Synnovis said that the IT system had been down for too long for samples taken last week to be processed.
The NHS, which most people in Britain rely on for medical care, has significantly stepped up its investments in cybersecurity since 2017, when a ransomware attack wreaked havoc on its computer systems and forced the cancellation of nearly 20,000 hospital appointments and operations.
The cyber threats add to pressure on the NHS, which is already facing a deep crisis over budget cuts and staffing shortages.
Since the cyberattack, some NHS medical practitioners at affected hospitals have resorted to using pen and paper to record test results, with limited access to computerised blood test records. Recording results by hand can lead to higher rates of mistakes and can reduce capacity for blood tests, resulting in reduced capacity for emergency operations, said Jamie MacColl, a research fellow focused on cybersecurity at the Royal United Services Institute, a British think-tank.
“The whole thing doesn’t break down, but it is under significant strain,” MacColl said. There have been far fewer successful ransomware attacks on the NHS, which does not pay ransoms, than on US healthcare providers, which are more susceptible to being extorted, he said.
Recent large-scale cyberattacks affecting US hospitals have rattled healthcare systems.
Rebecca Wright, a professor focused on cybersecurity at Barnard College in New York City, said hospitals were particularly susceptible to ransomware attacks because they are hard to secure, often relying on a patchwork of different systems and third-party suppliers.
The primary goal of the attacks is not always to steal the hospital’s data, she said, but to paralyse or disrupt services to such an extent that providers are more likely to pay ransoms.
US authorities say that paying ransoms helps to perpetuate a cycle that can lead to an increasing number of attacks on hospitals. But for healthcare providers, paying ransoms can cost less than rebuilding computer systems.
Ransomware payments around the world exceeded US$1 billion last year, a record high, according to Chainanalysis, a US blockchain analysis firm. The top five highest grossing ransomware variants in 2021 were connected to Russian cybercriminals, according to the US Treasury’s Financial Crimes Enforcement Network, which aims to safeguard the financial system from illicit use.
In February, a cyberattack on Change Healthcare, which manages one-third of all US patient records, caused major disruptions to payments, including routine drug prescription orders and expensive surgeries. At a Senate hearing last month, Andrew Witty, the CEO of UnitedHealth Group, the parent of Change, acknowledged that the company paid a US$22 million ransom to the attackers.
And just weeks ago, Ascension, one of the United States’ largest health systems, with about 140 hospitals, was hit by a large-scale cyberattack. Doctors and nurses at Ascension hospitals have had little access to digital records for patient histories and have used paper and fax instead.
Ascension said on Wednesday that the attacker had gained access to its systems after an employee accidentally downloaded a malicious file that they thought was legitimate. The company said that it had no evidence that data was taken from its electronic medical record system and that it was still working to restore access to electronic health records across its network, which it aimed to do by Friday.
This article originally appeared in The New York Times.
Written by: Jenny Gross
©2024 THE NEW YORK TIMES