Guy’s and St Thomas’ Foundation Trust (GSTT) and King’s College University Hospital NHS Foundation Trust found themselves at the center of a digital storm. The attackers exploited vulnerabilities in the hospital systems, gaining unauthorized access to sensitive patient data and disrupting essential services. The impact was far-reaching, affecting not only London but potentially extending to other hospitals as well.
Emergency Procedures Canceled: Over 200 emergency and life-saving procedures were abruptly canceled. Patients awaiting critical surgeries faced uncertainty and anxiety as hospitals scrambled to contain the situation.
Urgent Cancer Diagnoses Delayed: The attack disrupted the referral process for cancer patients. More than 3,000 non-surgical appointments were postponed, leaving patients in limbo. For those awaiting cancer diagnoses, every day counts, and delays can have serious consequences.
Synnovis Under Scrutiny: The attack was traced back to Synnovis, a supplier that provides services to several hospitals. Authorities are investigating how the breach occurred and whether other hospitals relying on Synnovis are also at risk.
Patient Trust Eroded: Trust is the bedrock of healthcare. The cyberattack eroded patient trust in the system. Patients now wonder if their personal information is safe and whether hospitals can protect them from digital threats.
Operational Challenges: Hospitals face operational challenges as they grapple with the aftermath. Restoring systems, ensuring data integrity, and fortifying cybersecurity protocols demand significant resources and expertise.
Lessons Learned: The incident is a wake-up call for healthcare institutions worldwide. It underscores the need for robust cybersecurity measures, regular audits, and proactive threat detection.
Immediate Response: Hospitals swiftly activated their incident response teams. They isolated affected systems, notified patients, and initiated recovery processes.
Collaboration: Healthcare organizations collaborated with law enforcement agencies, cybersecurity experts, and other hospitals. Sharing insights and best practices is crucial to preventing future attacks.
Public Awareness: Raising awareness about cyber threats is essential. Patients need to understand the risks and be vigilant about protecting their personal health information.
The incidents kept getting worse, with more and more organizations revealing that they had been attacked by Cl0p. On June 5, a cyberattack on Zellis, a payroll business, affected British Airways (BA), the BBC, and Boots. The hack, which at the time was directly connected to the use of the MOVEit vulnerability, revealed the personal information of thousands of workers (two days later, BA and the BBC received the standard ransomware demand from Cl0p). As of June 15th, First National Bank, Putnam Investments, and 1st Source were among the financial services providers affected, in addition to the oil giant Shell. Though more would surface as the year went on, ransom demands seemed to crescendo at the end of the month, with Cl0p identifying and shaming Siemens Energy and Schneider Electric as the most recent victims of what now appeared to be one of the worst cyberattacks in history.
June was also a memorable month for the UK government’s AI goals. On June 8, the government announced its first AI summit, providing an opportunity for world leaders to discuss regulations for a technology that many believed had the potential to either improve or destroy the global economy.
Risk reduction with regard to AI emerged at the top of the agenda. The UK government stated that the summit’s discussions included risks related to “frontier systems, and discuss how they can be mitigated through internationally coordinated action.”
Later that month, the government affirmed its commitment to shaping AI safety research by announcing around £50m in additional funding.
On June 19, campaign groups Foxglove and the Doctors’ Association UK (DAUK) urged the NHS to reevaluate its bid for the Federated Data Platform (FDP), a large IT project intended to connect the disparate data repositories of British health care into a single, cohesive entity.
While rationality in data analysis was a fair aspiration, Foxglove and DAUK noted that the government’s strategy for winning over the public to the data collection that the project required was noticeably negligent. That mattered all the more, they continued, since Palantir, a US tech startup founded by an entrepreneur who had a dim view of the NHS, was the prospective winner of the FDP contract (a prediction that later turned out to be true).
Foxglove further noted that, according to the analysis it ran on the matter, a large share of the public would be against a project in which the operations of healthcare services were managed by a private organization. That made it unlikely that the FDP would be able to provide the useful insight into the population's health, among other insights, claimed by its supporters.
The outsourcing company responsible for the NHS Test and Trace system in the UK confirmed this week that it was targeted by the threat actors running the recently discovered Babuk ransomware.
Fraudsters are tricking people in the UK with fake Covid-19 vaccination invites: scammers posing as the UK’s National Health Service (NHS) are sending fake emails that include a link to enroll for the vaccine.