It’s Code Red for the healthcare sector after yet another major, life-threatening cyber-attack that experts say was completely preventable.

Deemed the “most significant” cyber-attack in the history of the UK National Health Service (NHS), the June 3 ransomware attack shut down seven London hospital systems, halting treatment, postponing critical operations, and threatening lives.

It underscores the urgent need for cyber preparedness in a sector that’s particularly vulnerable.

Systems are outdated. Basic cyber practices go unperformed. Employees don’t get sufficient security awareness training. Cybercriminals know all this – and they also know that, when lives are at stake, victims are more likely to pay.

The NHS cyber attack’s ramifications extended far and wide. The perpetrators publicly released 400GB of names, birthdates, NHS numbers and blood test results. They also encrypted systems data, rendering it inaccessible, which caused the postponement of more than 6,000 hospital appointments and procedures in London.

Outdated systems, a failure to identify vulnerable points, and a lack of basic cyber hygiene are reasons why the NHS ransomware attack succeeded, the founding chief executive of the National Cyber Security Centre stated. And, he warned, this attack could be a harbinger of more against the NHS.

But the NHS is far from alone. Globally, the health sector has been hard hit of late. Change Healthcare, a US insurance claims processor owned by United HealthCare, suffered a major blow in February, and poor cyber hygiene was also blamed.

To block further attacks, healthcare providers, insurers, and others in the industry around the world will need to act fast to secure their systems, educate their workers, and more.

Read on to explore the NHS cyber-attack in more depth, look at similarities to the Change Healthcare breach, and discover how to efficiently and effectively stem the rising tide of health sector cyber-attacks in the UK and globally.

The NHS Ransomware Attack: One of the Most Critical Ever

The Russian ransomware gang Qilin, thought to be Kremlin-backed, infiltrated the computer systems at Synnovis, which provides blood pathology testing and diagnostics to two NHS trusts in London. What happened to Synnovis underscores the concerns that plague health providers worried about suffering a similar attack:

  • Business continuity. The attackers froze Synnovis’ systems by encrypting information needed for the systems to run. As a result of the attack, which cyber experts are calling one of the most significant ever against the NHS, 4,913 acute outpatient appointments and 1,391 operations were disrupted, according to the NHS. Guy’s, St Thomas’, King’s College and Evelina London Children’s Hospitals are among those whose ability to provide services was severely impaired.
  • Protecting patient data and other sensitive information. Qilin downloaded private data, for which it demanded a £40 million ransom. When Synnovis refused to pay, the group released on the dark web data from 300 million patient interactions with the NHS, including HIV and cancer blood test results. The HIPAA Journal says the individuals concerned may now be subject to extortion. The attackers also took spreadsheets containing financial arrangements between hospitals, practitioners, and Synnovis.
  • Protecting patient lives. The National Health Service in England was urging people with universal blood types to donate blood after the Synnovis attack disrupted hospitals’ ability to match patients — underlining how cyberattacks can have serious and potentially life-threatening impacts.
  • Although no penalties or fines against Synnovis or the NHS have been mentioned publicly to date, providers whose cyber hygiene is found to be lacking may be vulnerable to penalties, including GDPR fines, should their systems and data suffer a breach.

Why did it happen? Ciaran Martin, the founding chief executive of the National Cyber Security Centre, said after the attack that parts of the NHS’s IT system are outdated and remain at risk of more attacks. He blamed the legacy systems, as well as a failure to identify vulnerabilities and conduct basic cybersecurity practices, as the leading reasons why the NHS cyber-attack succeeded.

Echoes of Another Major Ransomware Attack

The NHS ransomware attack has many similarities to the attack on Change Healthcare in the US in February 2024. That attack, called the “most disruptive cyber-attack on US critical infrastructure to date,” is expected to cost parent company United Healthcare (UHC) billions of dollars and to result in unprecedented data losses affecting one-third of Americans. And, as with the NHS cyber-attack, the Change Healthcare breach might easily have been avoided had basic security hygiene practices been in place, according to testimony.

A US Congressional subcommittee explored cybersecurity vulnerabilities in healthcare during a May 16 hearing. What it found: The healthcare industry as a whole treads on shaky ground, facing more, and more dire, threats than ever before.

Yet, it remains behind the cybersecurity curve compared to most sectors.

Emboldened by the success of the cyber-attack on Change Healthcare, criminals are now targeting others in the sector. U.S. healthcare system Ascension on May 8 discovered a “security event” that caused a systems shutdown; weeks later, employees in a number of states were still documenting care with pen and paper.

Likewise, weeks after the NHS cyber-attack, blood testing in London was reportedly occurring at about 10 percent of its normal rate. Synnovis anticipated taking several months to fully recover, the HIPAA Journal reported.

Must-Have Cybersecurity Measures in the Health Sector

The health sector “lags far behind most essential infrastructure sectors … on research to understand the risks and develop specific plans to protect, respond, and recover from cyberattacks,” The Lancet reports.

It’s time to catch up, before cybercriminals catch you and your patients. Fortunately, protection is no mystery; security experts know what to do and how to do it effectively and efficiently. To get started, we recommend:

Security awareness training

No specific cause for the NHS breach has yet emerged, but this much we know: human error accounts for 95% of all cybersecurity incidents, the World Economic Forum reports.

What to do: Hornetsecurity’s next-gen Security Awareness Service trains employees using realistic spear phishing simulations and AI-powered e-training, heightening awareness of cybersecurity risks and threats. Employees learn how to protect themselves and their company effectively. The service is fully automated and easy to use.

Multi-factor authentication (MFA)

Obtaining login credentials used to be an automatic in for intruders, but MFA makes it only half the battle. If the hackers don’t have access to the second layer, such as the user’s device or authentication app, they won’t be able to get in.

What to do: Check and double-check all your systems and software to ensure that they’re covered by MFA, preferably phishing-resistant varieties, to block unauthorized entry.

Robust backup and recovery systems

It’s not a matter of “if” you’ll be attacked, but “when,” particularly in healthcare. Being able to recover swiftly—resilience—is key to minimizing costs, damage, and downtime.

What to do: Modernize your backup system with Hornetsecurity’s 365 Total Backup Solution. Among its features:

  • Automatic backup of Microsoft 365 data multiple times a day;
  • Protection from ransomware attacks as well as third-party disruptions via backup storage and security on Hornetsecurity infrastructure, independent of Microsoft;
  • Easy search and recovery;
  • Hassle-free, unlimited storage;
  • Centralized management; and
  • Data storage in local, secured, robust and redundant Hornetsecurity data centers, granting control over data jurisdiction.

Data privacy and security protections

Robust security includes having safeguards in place for storing, accessing, and sharing sensitive personal health information.

What to do: Adopt a zero-trust model with Hornetsecurity’s 365 Permission Manager tool. Using it, you can:

  • Perform bulk actions to manage permissions at scale;
  • Use Quick Actions to fix permissions on multiple sites at once;
  • Assign out-of-the-box best practice policies, or create custom-defined compliance policies for SharePoint sites, Teams, or OneDrive accounts;
  • Receive alerts for critical shares or policy violations; and
  • Use the Audit function to approve or reject policy violations.

Assess your supply chains

Note that in this attack, the impacted hospitals themselves weren’t breached; the breach was at their supplier of pathology testing. No business today operates independently, and this is especially true in healthcare. Follow the steps above to ensure that “your house is in order,” but also investigate your supply chains, understand their security posture, and plan for how your organization can continue operating if a critical supplier is impacted by a cyber-attack.

To properly protect your healthcare environment, use Hornetsecurity Security Awareness Service to educate your employees on how to secure your critical data.

Conclusion – An Ounce of Prevention

Don’t wait for a crisis: get your checkup and preventative care now. If you’re in the healthcare sector, your organization is extremely vulnerable to breach by criminals emboldened by recent successes. Truly, it’s not a matter of if your healthcare organization will be hit, but when. Contact Hornetsecurity today to try our solutions for free, and protect your systems and data before attackers strike.

FAQ

What caused the NHS cyber attack?

The NHS cyber attack was caused by outdated systems, a failure to identify vulnerabilities, and a lack of basic cybersecurity practices.

What were the impacts of the NHS cyber attack?

The attack disrupted hospital operations, postponed critical treatments, and led to the release of sensitive patient data.

How can healthcare organizations prevent cyber attacks?

Organizations can prevent attacks by implementing security awareness training, multi-factor authentication, robust backup systems, and ensuring data privacy and security protections.