A Follow Up To London Hospitals Being Pwned In A Ransomware Attack

Following up on this story about London hospitals getting pwned by a ransomware attack, I have more details. On the surface, this appears to be yet another third-party attack.

The attack targeted Synnovis, a third-party provider responsible for pathology services such as blood tests, swabs, and bowel tests for the affected hospitals. As a result, crucial services like blood transfusions and test results have been disrupted.

In response to the attack, both Guy’s and St Thomas’ and King’s College Hospital have declared a “critical incident.” The Independent reports that general practitioners have been instructed to cancel all non-emergency pathology appointments, and hospital staff have been directed to request emergency blood samples only for patients requiring transfusions. 

A spokesperson for NHS England’s London region stated, “This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in southeast London, and we apologize for the inconvenience this is causing to patients and their families.” Despite the disruption, emergency care remains available, and patients are advised to continue accessing services as usual, including dialing 999 in emergencies.

According to The Record, the NHS suffered 138 ransomware attacks in just 2022 and 2023.

Experts with Cyware and Horizon3.ai offer perspective:

Emily Phelps, Director, Cyware had this to say:

   “These ransomware attacks targeting healthcare and critical infrastructure reinforce the urgent need for a collective defense security approach. This incident, which has disrupted critical healthcare services, highlights the vulnerabilities inherent in siloed systems that slow down response times.

   “A unified defense strategy and modernized security operations not only mitigate risks but also ensure a quicker and more efficient response, safeguarding essential services and protecting patient care.”

Stephen Gates, Principal Security SME, Horizon3.ai follows with this:

   “What all organizations must come to terms with is that their exploitable attack surface is no longer just their own – it now encompasses their suppliers’ attack surfaces as well. A successful attack against a smaller supplier, who is part of a larger supply chain, can in fact cause disruption to their upstream buyer community. Therefore, it is critical for organizations to not only continuously assess their own security postures, but the security postures of their suppliers as well.

   “The challenge here is how do you continuously assess yourself – and your suppliers? Traditionally, organizations relied on two assessment approaches: Checkbox assessment exercises or manual penetration tests. The first does not always guarantee better security and the latter is nearly impossible to perform in a continuous fashion.

   “However, there are autonomous assessment solutions and approaches readily available that can continuously (and preemptively) discover exploitable vulnerabilities and other weaknesses so organizations can resolve them before attackers discover them. It’s time for both public and private sector organizations to adopt these solutions and approaches before this sort of event becomes the norm.”

Third-party attacks are the new problem of the moment, which means that you need to take into account the security practices of your suppliers and partners if you want to stay secure. Otherwise you get situations like this.
