London’s Air Ambulance MD Helicopters MD-902 Explorer G-EHMS. Image by Tony Hisgett via License: Creative Commons

A ransomware attack by the Russian group Qilin has hit hospitals in southeast London. The consequences were disrupted processes and postponed appointments. To make matters worse, the hackers are now publishing personal patient data.

On June 3, a severe ransomware attack hit several hospitals in southeast London. The healthcare system was severely disrupted for over two weeks, with more than a thousand operations and even more consultations cancelled.

The victim of the attack was Synnovis, a pathology service provider of the NHS, the British health system, which analyses around 100,000 blood samples every day. As a result, numerous hospitals in south London and doctor’s offices across the city were severely restricted. According to internal statements, it was “a critical incident” that severely restricted various services, especially blood transfusions.

The systems are now up and running again. But the worst is yet to come. The hackers from the Russian ransomware gang Qilin, also known as Agenda, have demanded 40 million pounds in Bitcoin to keep sensitive data under lock and key. The sum was apparently not paid, as the hackers have now published 400 gigabytes of patient data, including birth dates and the results of blood tests, including for HIV and cancer. The NHS is currently checking the authenticity of the data, but this will take weeks due to the complex nature of the data. Since there is no backup of the test results, thousands of patients have to undergo blood tests again.

The Qilin hacker gang has been operating according to the “ransomware-as-a-service” model since October 2022: It provides other hackers with the malware and the infrastructure to collect ransoms so that they can do the legwork of infiltrating the victims’ systems. In return, Qilin receives a share of the revenue. This type of division of labor has emerged in the ransomware industry in recent years and is being viewed with great concern by security experts.

Healthcare providers have proven to be lucrative victims. Thanks to their often outdated computer infrastructure, they are easy targets from whom large ransoms can be extorted due to the sometimes life-threatening consequences.

Only in February of this year, the most serious attack on the healthcare system to date took place in the USA with the hack of Change Healthcare. It paralyzed billing and information systems nationwide. Change Healthcare did pay 22 million dollars in Bitcoin to the ransomware hackers ALPHV (“BlackCat”) – also from Russia. But here too, the aftermath reveals dire consequences.

Because the billing systems in the US healthcare system were disrupted in many ways due to the hack, doctors and pharmacists suffered enormous losses due to unpaid or delayed prescriptions. Change Healthcare’s parent company, the UnitedHealth Group, provided two billion dollars for this purpose, but these funds have now been exhausted without alleviating all of the financial problems that arose from the hack. The case is now being litigated, and 49 lawsuits have already been filed in the federal court in Minnesota accusing Change Healthcare of negligence in data security. Whoever suffers the damage… —

The ongoing ransomware attacks on the healthcare system have long since become a serious threat. Hospitals and service providers can make their systems more secure, no doubt, but the price they pay for this is often less flexibility and ongoing extra work. Therefore, there are likely to be more attacks in the future, especially if one assumes that hackers will use generative AI to carry out even more sophisticated social engineering attacks in the relatively near future. The fact that these attacks often come from Russia, that Russia gets foreign currency with the ransom in Bitcoin while weakening the West, and that the Russian secret service is apparently working with the hackers – this does not make it any more reassuring.

Discover more from – the blog for Bitcoin and other virtual currencies

Sign up to receive the latest posts via email.


Leave a Reply