Ransomware Fallout: UK Hospitals Struggle to Match Patient Blood Types

Date: June 10, 2024

The National Health Service (NHS) in England says there is desperate need for O-type blood donations following a ransomware attack on Synnovis that has disrupted systems for blood-type matching.

“Hospitals cannot currently match patients’ blood at the same frequency as usual,” The Record reports NHS officials as saying. This has driven the call for more O-type blood donations, which can be used on patients of all blood types.

“To support London hospitals to carry out more surgeries and to provide the best care we can for all patients, we need more O Negative and O Positive donors than usual.”

“At present the full extent of the attack, as well as the impact upon data, is not known. Once further information is known we will report accordingly in line with Information Commissioner’s Office requirements.”

Medical procedures have been canceled at multiple London hospitals and a critical emergency declared in the aftermath of a ransomware attack against pathology services provider Synnovis.

“Some appointments have already been canceled or patients have been redirected to other providers at short notice due to the incident. The burden on other hospitals due to extra patients may lead to a further stretching of resources and more critical incidents being declared. It is not clear how long the disruption will last for,” Reuters reported.

“The disruption to the blood transfusion IT system risks having a major impact on trauma cases, as only urgent blood components will be transfused when it is ‘critically indicated for the patient.’”

The Russia-based Qilin ransomware gang is said to be the attacker. According to the latest Ransomware Malicious Quartile reference guide, Qilin (aka Agenda) is a RaaS operation that first emerged in July of 2022.

Qilin is assessed to be a big game hunter, selecting targets for their ability to pay large ransom demands, as well as targeting the healthcare and education sectors. Ransom demands are likely to be in the millions of dollars based on their affiliate profit-sharing model, which pays a higher percentage for ransoms over $3 million.

Notable victims include Big Issue Group, Ditronics Financial Services, Daiwa House, ASIC S.A., Thonburi Energy Storage, SIIX Corporation, WT Partnership Asia, FSM Solicitors and more.

Takeaway: With evidence mounting that ransomware attacks on healthcare providers are negatively impacting patient outcomes – a nice way of saying the attacks are increasing the likelihood of diminished health or even death – it’s time to call attacks on healthcare organizations and other critical infrastructure providers what they really are: state-sponsored terrorism.

A recent report by Ponemon found a direct link between ransomware attacks and negative patient outcomes: 68% said ransomware attacks disrupted patient care, 46% noted increased mortality rates, and 38% noted more complications in medical procedures.

Other research found that between 2016 and 2021, ransomware attacks contributed to between 42 and 67 patient deaths, as well as a 33% increase in death rates per month for hospitalized Medicare patients.

The attacks are a steady revenue stream for the attackers, but some of the attacks may also work to further the geopolitical interests of adversarial nations, with Russia being the prime culprit.

There is a good deal of evidence that many of the players and tooling used by the notorious ransomware gangs can be tied to the Russian government, so the potential dual nature of a subsection of ransomware attacks should be considered.  

A recent report by Chainalysis assessed that 74% of all the illicit revenue generated by ransomware attacks during 2021 went to Russia-linked attackers, the lion’s share of ransomware proceeds.

We simply cannot discount the dual nature of a good portion of today’s ransomware attacks, where the attackers may be serving themselves from a financial perspective but are also furthering a larger geopolitical strategy.

The fact that ransomware attacks appear on the surface to merely be cybercriminal activity provides a convenient level of plausible deniability when those attacks also serve the larger geopolitical goals of adversarial governments like Russia.

This is why it is imperative that the US government and allied nations that are the targets of these attacks differentiate a portion of the attacks by reclassifying them as terrorist acts – specifically those attacks that target healthcare and other critical infrastructure functions where lives are put at risk or lost.

If we call these attacks what they are – terrorist attacks meant to instill fear and further geopolitical goals – then we unlock a whole range of new options for both offensive cyber and even traditional kinetic military responses instead of just more alerts, guidelines and frameworks.

Ransomware attacks against critical infrastructure are a form of terrorism in and of themselves, and the fact that many of the attacks are so closely related to the geopolitical interests of adversarial nations – and provide them with plausible deniability – means we can no longer address these issues as simple criminal matters.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.