HIV tests dropped and a return to paper working: Inside the hospitals held to ransom by Russian hackers

A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, an expert has said  (PA)
A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, an expert has said (PA)

A cyberattack on NHS hospitals could take months to resolve, with HIV tests and cervical cancer screening dropped and staff working on paper, The Independent has been told by insiders.

On Monday, major London hospitals were targeted by a ransomware attack by Russian hackers, which took out IT systems responsible for reporting patient tests.

Commercial supplier Synnovis provides systems used by labs, King’s College and Guy’s and St Thomas’ NHS trusts, and GP services across six London boroughs – Bromley, Southwark, Lambeth, Bexley, Greenwich and Lewisham.

The NHS has not given full details of contingency plans being activated, but senior hospital sources describe the situation as a “disaster”, with staff having to record patient test results on paper and call through emergency results manually.

The trusts have been forced to cancel or divert non-urgent operations and procedures, and GPs were told on Monday to cancel all non-emergency blood tests.

Several senior NHS sources have now warned that it could take months to fully recover from the attack.

One trust executive said: “We are telling staff that it will be weeks and possibly months.

“All working on workarounds at the moment but issues of patient safety. [We are] having to look at priority areas for processing tests for particular conditions and patients. Everything is paper-based, which means more risk, of course.”

Another senior clinician said it could take months to recover, but weeks to solve “priority” services. They said capacity for routine HIV testing and routine HIV testing in emergency departments has been lost.

GP services in Bromley sent a message to patients on Wednesday, saying: “The attack is affecting all pathology services, including phlebotomy and cervical screening.

“Synnovis has asked for patients to delay having non-urgent blood [tests] taken until further notice and asked phlebotomy providers to cancel non-urgent appointments. This means BGPA will be cancelling all non-urgent phlebotomy appointments until further notice, as there is no capability to process samples and return them at this time.”

On Wednesday, a spokesperson for NHS England London said: “Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning patients have had phlebotomy appointments cancelled.”

On Wednesday morning, former National Cyber Security Centre chief Ciaran Martin told BBC Radio 4’s Today programme the attack came from a Russian cybercrime group called Qilin.

The attack has been described as a “ransomware” incident, meaning criminals are demanding money to unblock the system.

Professor John Clark, professor of computer and information security at the University of Sheffield, said: “However, the exact nature by which the Synnovis system was initially penetrated is unclear. It is critical to understand this because otherwise, after the system has been ‘cleaned’, the attackers could simply re-penetrate – though such efforts would be subject to highly intense monitoring.

“Patient safety is of paramount concern and the accuracy of results is essential, so it is important to stress that unless it is known what has happened to the system, the accuracy of any stored data cannot be ensured. Determining whether stored data has been manipulated may simply not be possible and tests may have to be rerun and results re-recorded.”