cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Qilin ransomware blamed for London hospitals cyber attack

A Russian ransomware gang has been linked to a cyber attack that stunted a number of major NHS hospitals in London.

user icon Daniel Croft
Thu, 06 Jun 2024
Qilin ransomware blamed for London hospitals cyber attack
expand image

Pathology services provider Synnovis Group LLP suffered from a ransomware attack from an initially unidentified threat actor, affecting five London hospitals – King’s College Hospital (KCH), St Thomas’ Hospital, Guy’s Hospital, Royal Brompton Hospital, and Evelina London Children’s Hospital.

Synnovis chief executive Mark Dollar confirmed that the company “was the victim of a ransomware cyber attack.”

“This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services,” he said, adding that the hospitals declared a “critical incident” that affected the delivery of services such as blood transfusion.


NHS said: “All urgent and emergency services remain open as usual, and the majority of outpatient services continue to operate as normal.”

“Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning some patients have had phlebotomy appointments cancelled.”

Now, Dollar has revealed that the attack has been tied to Russian ransomware game Qilin.

“We believe it is a Russian group of cyber criminals who call themselves Qilin,” he told BBC Radio 4.

“They’re simply looking for money. It’s unlikely they would have known that they would have caused such serious primary healthcare disruption when they set out to attack the company.”

At the time of writing, Cyber Daily observed that Qilin’s dark web ransom blog was down, showing an 0xf2 error suggesting the site was now disconnected. There are currently no reports of the threat group claiming the attack on Synnovis Group, nor any evidence that any data was stolen or leaked.

The NHS revealed yesterday (5 June) that a team is working to assist the affected hospitals and Synnovis.

“NHS England has deployed a cyber incident response team, which is working round the clock to support Synnovis and provide emergency guidance, as well as coordinating with health services across the capital to minimise disruption to patient care,” it said.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.