Ransomware attack on England's health system highlights life-threatening impact of cybercrime

The National Health Service in England is urging people with universal blood types to donate after a ransomware attack disrupted hospitals' ability to match patients underlininghow cyberattacks can have serious and potentially life-threatening impacts.

On June 3, hackers targeted pathology services provider Synnovis with ransomware. Ransomware attacks encrypt a company's computer system, rendering it inoperable until the victim pays a fee.

The attack on Synnovis severely impacted several London hospitals serving two million people, prompting them to declare a critical incident and cancel cancer surgeries and blood transfusions.

On its website Monday, the National Health Service (NHS) explained the attack meant that "affected hospitals cannot currently match patients' blood at the same frequency as usual" and that stocks of O positive and O negative bloodneed to be replenished as the hospitals lack the ability to quickly match patients to their correct blood type.

O positive is the most common blood type and can be provided to anyone who has a positive blood type, while O negative, known as the universal blood type, can be tolerated by patients of all blood typesand is especially helpful in time-sensitive emergencies.

"NHS staff are continuing to go above and beyond to minimizethe significant disruption to patients following the ransomware cyberattack on Synnovis," Stephen Powis, national medical director for NHS England, said in a statement, encouraging the public to book one of the 13,000 appointments available across the U.K."To help London staff support and treat more patients, they need access to O negative and O positive blood."

Ransomware attacks linked to deaths

Hospitals and other health-care providers are targeted by ransomware gangs because disruptions to life-saving treatments can increase the pressure to pay criminals, cybersecurity expert SteveWaterhousesaid. "As we are seeing with the NHS case in the U.K., everything is put on hold, and if you have a medical condition that is time-critical, then it puts you in a bad spot."

Hospitals across Canada have been targeted by ransomware gangs for years a cyberattack last year impacted five hospitals in southwestern Ontario at once.

The effects of cyberattacks can be serious. Experts also believe they have a body count:A 2023 study by researchers at the University of Minnesota estimated that between 42 and 67 Medicare patients died as a result of delayed care due to ransomware attacks between 2016 and 2021.

Waterhouse, who is based in Quebec, said the findings of the 2023 study didn't surprise him. "It's an indirect cause of death, because the information systems were not available, and they were not able to be taken care of in a timely manner," he said. "That is a big problem."

The gang behind the NHS ransomware attack is suspected to be Qilin, a Russian-speaking entity. Ransomware groups like Qilin operate almost like startups, offering their software as a service to affiliates that carry out attacks. Many gangs are believed to operate in Russia, so they are likely to remain outside the reach of Western law enforcement.

Synnovis CEO Mark Dollar saidin a statement on June 4that the London-based provider is working with law enforcement and that he is "incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected."

In the absence of legal justice, Waterhouse said this is another reminder that anyone who uses the internet from hospitalsto companies to individual users must be prepared to recover from a ransomware attack because they are no longer theoreticalor even rare.

"It is becoming a global problem for everyone, and everyone has to pitch in to enhance the environment so it's a little bit more secure," he said.

WATCH | The impact of ransomware attacks and how they work:

How ransomware attacks work and their sweeping impacts

6 months ago

Duration 2:37

McMaster University Prof. Andrea Zeffiro, who focuses on critical data studies, says vulnerable communities are more likely to be impacted by the attack that's suspended Hamilton services for over a week.