Qilin cyberattack exposes Synnovis: unprecedented data breach

The group responsible for the recent Synnovis attack affecting NHS Blood Services recently released approximately 400GB of sensitive patient information. The data includes names, dates of birth, NHS numbers, and blood test details. This is the latest development in a devastating ransomware attack that has crippled NHS services in South East London.

Qilin revealed their identity, having demanded a $50 million ransom to end their cyberattack on Synnovis. BBC News reported that Qilin had previously threatened to release the data unless their demands were met.

Devastating demands – The real world impact

The effects of attacks like this are profound, often causing network-connected physical systems to fail. In the Synnovis attack, the NHS has been unable to use essential systems for running blood tests. The result: more than 3,000 appointments have been postponed or cancelled, including more than 1,000 elective procedures and 2,000 outpatient appointments. This has caused severe disruption to hospital operations and impacted countless lives. Yet this is not an isolated case: the incident echoes other ransomware attacks targeting local authorities in both the US and UK, many of which have forced affected parties to revert to pen and paper, effectively shutting down critical operations and systems.

These attacks provide a stark reminder of our heavy dependence on digital security and of the tangible impact on lives when critical health infrastructure is compromised.

With robust cybersecurity an imperative for public organisations, there are questions around how such attacks are still affecting critical national infrastructure such as the health service. Reliance Cyber Advisory Board Member and Gresham College Professor, Victoria Baines, highlighted a critical issue, explaining, “What we have seen with the Synnovis attack is a dominant trend in the cybercriminal world to target the supply chain. Rather than attacking the NHS directly, cybercriminals are focusing on private companies that work with the NHS, which may have fewer resources for cybersecurity.” Professor Baines went on to say, “The NHS bolstered their defences significantly in response to the WannaCry attack in 2017, however, the supply chain now poses the real threat.” Professor Baines warned, “It’s crucial that when organisations buy software or external services, they ensure these vendors adhere to the same cybersecurity standards as their own organisations.”

Strengthening defenses: proactive measures for cybersecurity

When it comes to cybersecurity, the importance of preventative measures cannot be overstated, and organisations across the board can learn valuable lessons from this latest attack.

To mitigate the risk of similar breaches in the future, we recommend several measures:

Regular security audits

Conducting frequent and thorough security audits can help identify vulnerabilities before they are exploited by malicious actors. This proactive approach ensures that any weaknesses in the system are addressed promptly, preventing potential disruptions similar to those seen in the Synnovis attack, where network-connected physical systems failed, hindering critical operations like blood tests.

Comprehensive supplier risk management

To address supply chain vulnerabilities, organisations should build a holistic view of all their suppliers and the services they provide. Segment suppliers by the level of risk they represent, considering factors such as the type and volume of data they have access to and the criticality of their services. Additionally, organisations should assess concentration risk (reliance on a supplier) and investigate whether suppliers depend on other suppliers, identifying fourth- and fifth-party risks.

Conducting due diligence and risk assessments on current and prospective suppliers is critical. Verify your suppliers’ security credentials as part of this process to ensure they meet your standards. Establish clear and enforceable contracts and agreements with third parties, specifying security requirements, expectations, and defining roles and responsibilities in the event of an incident.

Regularly monitor and assess the performance and security posture of your third parties. Address any security issues or gaps rapidly. Leveraging technology, such as artificial intelligence and continuous assessment monitoring, can help enhance this process.

Data encryption

Encrypting sensitive data both at rest and in transit adds an additional layer of protection, making it more difficult for attackers to access and use the information. This measure is essential in safeguarding patient data and ensuring that even if a breach occurs, the data remains secure.

Securing your infrastructure and assets

Investing in a robust cybersecurity infrastructure may feel like a thankless task, but not only does it provide peace of mind, it ultimately provides a return on security investment, as it can prevent costly and sometimes irreparable damage. The Synnovis breach, which led to the cancellation or postponement of over 1,134 elective procedures and 2,194 outpatient appointments, highlights the profound impact on hospital operations when systems are compromised.

Investing in advanced threat detection and response systems to protect sensitive data and systems is key.

Incident response planning

Do you know who the key contact is in each of your suppliers? Organisations should have a robust incident response plan that covers their supply chain, and part of this involves knowing who to approach if an incident occurs. Maintaining effective communication and coordination mechanisms with third parties in case of an emergency is crucial. This ensures a quick and coordinated response, which can minimise damage in the event of a breach.

Employee training

An organisation’s cybersecurity should not rely on the individual; however, training staff on cybersecurity best practices is crucial. Employees should be aware of phishing tactics and other common methods used by attackers to gain access to networks. Awareness is important in helping prevent breaches that can force organisations to revert to manual operations, as seen in numerous ransomware attacks.

Get to grips with your supply chain security with Reliance Cyber

Managing the complexities of your supply chain can be daunting, but we’re here to help. At Reliance Cyber, our Professional Services team partners with clients across diverse sectors—including government, healthcare, retail, manufacturing, and construction—to identify and manage risk effectively.

With our NCSC-assured Cyber Incident Response (CIR) provider status and certification as a CREST Cyber Security Incident Response (CSIR) team, we have unmatched expertise in supporting UK organisations at high risk of cyberattacks.

As SC Awards finalists for Best Managed Security Services, we also offer unrivalled 24/7/365 monitoring and detection services, all underpinned by our team of SC Cleared analysts.

Ready to take your security to the next level?

Contact us today to speak with one of our specialists for advice and information.