NHS UK Becoming An Attractive Target For Cybercriminals


In June 2023, BlackCat, a Russian cybercrime operative, went on to hack the Barts Health NHS Trust, which is a part of the National Health Service- NHS in the UK and happens to function in numerous hospitals in London, and went on to publish it online for an extortion attempt.

In May 2024, another group called INC Ransom went ahead and published massive data, which was three terabytes and culled from a hack of an NHS board that oversees one of the regions of Scotland for health services.

And on June 3, 2024, hackers went ahead and launched a ransomware attack against one of the key partners of the NHS named Synnovis, which happens to help in managing blood transfusions as well as lab services for hospitals that function under the King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. The attack went on to cripple the services within those hospitals. All these incidents go on to show that there are many cybersecurity issues surrounding the NHS, which happens to deliver care to more than 65 million UK residents via a network of 229 trusts that are spread out across the UK. The system comprises a vast network of providers as well as computer systems, which goes on to make NHS the keeper of one of the richest as well as most accomplished national health datasets across.

Moreover, with 1.7 million workers, the NHS is one of the largest employers in the world. All this goes on to make the NHS quite an attractive target, and that too at a time when financially-driven cybercriminals are growingly targeting health organizations and looking out to damage as well as disrupt the IT systems in the hope of extorting them for massive ransom payments.

Apart from the recent hack, the NHS was also a prominent victim of the 2017 WannaCry attack, which happened to involve an early ransomware strain that spread across the world and included disrupting a third of the services of the NHS Trust in addition to forcing the temporary closure of numerous emergency rooms. Out of all the sectors, healthcare providers happened to be the most targeted ones by the ransomware gangs in 2023, as per a report coming from the Talos threat intelligence division of Cisco Systems Inc.

Cisco went on to attribute the targeting to healthcare organizations that generally had underfunded budgets in terms of cybersecurity and low tolerance for downtime.

Throughout the Atlantic, cybercriminals have broken into many parts of the healthcare sector quite repeatedly, right from major hospitals to one of America’s largest health insurance companies. In 2023, the FBI happened to get more reports pertaining to ransomware attacks in healthcare as well as public health as compared to any of the other 16 sectors that the US designates as crucial infrastructure.

As per Martin Lee, who is the technical lead of security research at CISCO said that when healthcare systems as well as data are not available, lives happen to potentially at risk, and this goes on to make the sector a very tempting target for criminals. Outages, according to him, act as pressure on management to pay off the attackers so as to restore availability quickly. But paying the ransom goes on to suggest that such attacks happen to remain profitable and hence only serve to encourage more attacks.

According to cybersecurity experts, the rising number of attacks against healthcare providers, including the NHS, underscores the issue of them policing not just their own security but of the key suppliers as well.

This time, the ransomware attack against Synnovis happened to be the third in the last year that hit Synlab, which is Munich, Germany based, the company that happens to run Synnovis, along with the two NHS hospital trusts from London. Apparently, in June 2023, Synlab, which happens to be the biggest provider of medical diagnostic services and testing in Europe, remarked that its French breach got hit by a C10p-and attacker group.

In April 2024, a cyberattack, apparently paralyzed the Italian operations of the group.

The company went on to describe the latest attack to be an isolated incident with no connection to the incident that took place in Italy in April 2024.

The company, however, declined to respond to other questions and went on to remark that it is still trying to assess the breach’s impact.

It is well to be noted that once the organization has been breached, hackers go on to learn its cyber spectrum, which raises the chances that they will be able to get back later after the victim has cleaned up the original breach as well as applied more security controls, as per Brad Freeman, the co-founder as well as director of technology at SenseOn, a London-based cybersecurity firm.

The fact is that if an attacker goes on to exploit the flaw that’s present in a website that’s fixed, for example, it is most likely that other attackers are going to find similar ways to get in since the original flaw could very well be seen as an instance of poor software development practice.

Suppliers like Synnovis happen to be the most critical elements of the NHS supply chain, as per Freeman, who also added that this data breach goes on to show how challenging securing systems from numerous independent suppliers is. Just like their counterparts in the UK, the experts say that American healthcare providers go on to be quite attractive targets when it comes to cybercrime since they often happen to have quite limited security budgets, have intricate and also vulnerable security systems, and also have bundles of sensitive information that is used to make life-or-death decisions.

Hitting these hospitals apparently, gives the attackers leverage since doctors have to solve the disruptions fast, as per the senior fellow, Mark Montgomery, from the Foundation for Defense of Democracies.

As per him, they immediately go on to offer potentially life-threatening conditions, whether it is the MRI that does not work, one is unable to get the data to the surgical suite, or basic information on the blood type cannot be obtained.