Cyber-attacks disrupt critical operations at London hospitals

Recent cyber-attacks have forced three major hospitals in London to cancel critical operations, causing significant disruptions to patient services. The affected institutions are now striving to manage the chaos, which emphasises the stark reality of cybersecurity threats in the healthcare sector.

Semperis, Vice President, Dan Lattimer commended the hospitals for their efforts to maintain patient services during the cyber onslaught.

He also elaborated on the risks and mitigation strategies, stressing the importance of preparing for such disruptions. "Today, it’s imperative for hospitals to conduct day-to-day operations assuming breaches will occur. Ransomware attacks cause disruptions, cast doubt, cut into profits, and in some cases, can be a matter of life and death."

"Preparing now for inevitable disruptions will dramatically improve hospitals' operational resiliency and better prepare them to turn away adversaries."

Lattimer recommended identifying critical services that are single points of failure and ensuring real-time visibility to changes in elevated network accounts.

EMEA CTO at Vectra AI, Christian Borst, provided further insights into the broader implications of the cyberattack. "As a vital component of the UK's critical national infrastructure, and a service that millions of UK citizens rely on a day-to-day basis, the NHS will always be a prime target for cyber criminals who are seeking to cause maximum disruption."

"This latest attack on London Hospitals paints a stark picture of what’s truly at stake; it quite literally is a life-or-death situation for patients," Borst stressed.

He also highlighted the need for rigorous vetting of third-party suppliers, as early indications suggest that the attack might have originated from an NHS partner.

"This underscores the importance of NHS decision-makers choosing to work with third parties that prioritise cybersecurity as a cornerstone of their relationship as a supplier," he said. "As part of this relationship, the NHS should ensure that they are given the right to review the security policies of all those in the chain."

The interconnected nature of modern healthcare systems and their reliance on third-party providers was reiterated by Deputy Chief Information Security Officer at LogRhythm, Kevin Kirkwood.

"The interconnected nature of modern healthcare systems, coupled with reliance on third-party providers, poses significant risks to healthcare providers, as recently evidenced by the ransomware attack on Synnovis," Kirkwood said.

He pointed out the direct impact on patient health due to compromised blood transfusion IT systems, which illustrates the severe ramifications of such attacks.

Kirkwood urged healthcare providers to abandon traditional reactive approaches in favour of more proactive measures.

"Healthcare providers need to implement robust security measures that encompass not just their own systems but also those of their third-party partners. This includes continuous monitoring, regular security assessments, and comprehensive incident response plans," he suggested.

"By adopting these strategies, healthcare organisations can better protect their critical infrastructure and, most importantly, ensure the safety and trust of their patients."

The recent cyberattacks on London hospitals have brought the urgency of cybersecurity in healthcare to the forefront. As experts highlight, the path to resilience lies in meticulous preparation, comprehensive strategies, and robust collaborations with secure third-party providers.

The situation remains under scrutiny as hospitals work tirelessly to resume normal operations and safeguard patient welfare.