NHS Still Highly Vulnerable Following Major Ransomware Attack


July 8, 2024

World map

A ransomware attack against UK-based pathology testing provider Synnovis severely disrupted services at Guy’s, St Thomas’, King’s College, and Evelina London Children’s Hospitals, forcing the postponement of thousands of medical appointments and procedures.  

Now Professor Ciaran Martin, the founding CEO of the UK’s National Cyber Security Centre (NCSC), is warning that the National Health Service (NHS) remains “highly vulnerable” to further attacks unless “significant updates” are made to its systems.  

“I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem,” Prof. Martin stated to the BBC as reported by Cyber Express.

Marti’s warnings come despite NHS having invested £338 million over the past seven years to enhance cybersecurity.  

Takeaway: What can governments do to protect healthcare organizations from this onslaught of ransomware attacks? From what we have witnessed so far, not much at all.

While we have seen some scattered arrests of affiliates and other low-level threat actors in the ransomware space, overall law enforcement has had little impact in disrupting ransomware operations.

The UK, US, and allied governments are in a tough position regarding what actions to take to curb these disruptive ransomware attacks.

Law enforcement actions and government sanctions against ransomware operators are necessary, but even if they are arrested or their operations disrupted, there will quickly be someone to take their place.

At some point, ransomware attacks on healthcare and other critical infrastructure providers have crossed the line from cybercriminal activity to a serious national security issue, especially when we are talking about attacks that put patients' lives at risk.

We know rogue nations tacitly or directly support and/or control these ransomware operators to an extent, and these attacks are starting to look more and more like state-sponsored terrorism, and perhaps we should be addressing them as such.

Cybercriminal activity is the purview of law enforcement: they investigate, collect evidence of a crime, indict and prosecute when possible, and the process can take years.  

This may be enough for some cyber-based threats, but when attacks are measurably impacting patient outcomes and contributing to increased patient mortality rates, they should be treated as a national security concern so a different set of response rules of engagement kick in.

It’s clear we cannot afford to maintain the status quo.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.