Qilin Ransomware Disrupts London Hospitals: June 2024 Attack Overview

In June 2024, the Qilin ransomware group launched a targeted attack on Synnovis, a private healthcare provider serving several NHS Trusts in London, including Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. The breach had devastating consequences, forcing the postponement of over 800 surgeries and the rescheduling of 700 medical appointments. This attack severely disrupted hospital operations and delayed critical medical procedures.

What Happened?

Qilin ransomware is part of a growing trend where cybercriminals target critical infrastructure, particularly healthcare institutions. The attack involved the encryption of vital data and systems at Synnovis, crippling the hospital’s ability to manage operations and healthcare services. The attackers deployed a double-extortion tactic—encrypting the systems and exfiltrating sensitive patient data. As a result, not only were hospital services disrupted, but there were also concerns over the confidentiality of sensitive patient information.

Immediate Impact

The ransomware attack had a profound effect on London’s healthcare services:

  • Postponed Surgeries: Over 800 surgeries, including critical procedures, were delayed.
  • Rescheduled Appointments: 700 patient appointments were postponed as the hospital systems struggled to recover.
  • Blood Supply Shortages: The attack affected the hospital’s internal communications, leading to blood shortages, particularly of O-positive and O-negative types. This prompted NHS Blood and Transplant to issue urgent donor appeals (Cyfirma).

Qilin Ransomware’s Modus Operandi

Qilin is known for its sophisticated approach, typically targeting high-value sectors such as healthcare. The group’s attack on Synnovis followed the typical double-extortion model, which has become increasingly popular in 2024. This method includes:

  • Data Encryption: Encrypting critical hospital files, making them inaccessible until a ransom is paid.
  • Data Exfiltration: Threatening to leak sensitive patient data unless the ransom demands are met.

Response and Mitigation

Synnovis and the affected NHS Trusts have been working diligently to restore services and secure their systems. External cybersecurity experts have been called in to assist with containment and recovery efforts. However, given the attack’s scope, it’s expected that full restoration of services will take several months. As of the latest updates, there is no confirmation on whether a ransom was paid, but ongoing investigations and recovery efforts suggest that some systems are still affected.

Preventative Measures

This attack underscores the need for robust cybersecurity measures, especially in healthcare institutions that handle sensitive data. Organizations can mitigate risks by:

  • Implementing Strong Backup Systems: Ensuring regular backups of all critical data can help organizations recover without paying a ransom.
  • Enhanced Endpoint Security: Regularly updating systems and employing endpoint detection and response tools can help detect and neutralize threats early.
  • Staff Training: Educating staff on phishing and social engineering tactics can prevent the initial point of compromise.

The Qilin ransomware attack on London’s hospitals highlights the ever-growing threat ransomware poses to critical infrastructure. The attack’s impact on healthcare services and patient care serves as a stark reminder that organizations in every sector, particularly healthcare, must prioritise cybersecurity resilience.

