Russian hackers responsible for London hospitals cyber attack, expert says

Ther former chief executive of the National Cyber Security Centre, Ciaran Martin, claims a Russian cyber gang is behind the cyber attack that has affected major London hospitals.

Martin said the group, known as Qilin, has a “two-year history” of attacking organisation across the globe.

Yesterday, King’s College hospital and Guy’s and St Thomas’ NHS Trusts, including the Royal Brompton and the Evelina London children’s hospital, confirmed they had been hit by the cyber breach on pathology service firm Synnovis.

The incident led to operations being cancelled and patients being redirected while staff were also unable to conduct blood transfusions.

Speaking to BBC Radio 4’s Today programme, Martin said: “These criminal groups – there are quite a few of them – they operate freely from within Russia, they give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.

“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.”

He added it was “unlikely” the Russian cyber group would have known they would cause such serious primary healthcare disruption when they set out to do the attack.

He continued: “There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn’t released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.

“So, if you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.

“This type of ransomware has affected healthcare all over the world.

“It’s particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people’s healthcare. So, it’s really one of the more serious that we’ve seen in this country.”

He said the government had a policy of not paying but Synnovis would be free to pay the ransom if it chose to.

“The criminals are threatening to publish data, but they always do that. Here, the priority is the restoration of services,” he added.

UK health secretary Victoria Atkins has confirmed via X that she has met with NHS England and the National Cyber Security Centre to oversee the response to the cyber-attack on pathology services in south-east London.