The recent cyberattack that led multiple London hospitals to declare a state of emergency has been attributed to the ransomware-as-a-service (RaaS) group Qilin. The group, which is financially motivated and based in Russia, uses double extortion tactics to both encrypt data and threaten to publish it if a ransom is not paid.
The attack targeted Synnovis, a partnership between the Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust. Synnovis hosts SYNLAB, the largest provider of medical testing and diagnostics in Europe. The compromise and encryption of Synnovis systems led to an interruption of pathology services at the two NHS hospitals and various general practitioner services across several boroughs.
Qilin, also known as Agenda, is an RaaS provider that first emerged in July 2022. The group tends to pursue high-value targets such as enterprises and has also been known to hit the healthcare and education sectors with double extortion attacks. The Qilin ransomware has both Golang and Rust variants, with the Rust variant being especially evasive, customizable, and difficult to decipher.
Qilin has claimed attacks against victims in several countries across the globe, including the United Kingdom, United States, Canada, Brazil, France, and Japan. Attacks against various entities in the United States and against Yanfeng Automotive Interiors in China have been attributed to the group.
The healthcare sector has long been a prime target for cybercriminals because of the wealth of valuable data it holds, including personal health information and financial data. This risk is especially pronounced in the NHS due to its reliance on single-use machines running outdated and unsupported software, along with the practice of multiple users logging onto each PC, which makes it incredibly difficult to secure and manage these systems effectively.
The ransomware risk to healthcare is a global problem. Healthcare was the most targeted sector for ransomware attacks in the United States in 2023, with 249 attacks reported to the FBI’s Internet Crime Complaint Center (IC3) that year.
Recent high-profile healthcare ransomware attacks have led to growing calls for government intervention to improve cyber defenses through greater funding and policy to prevent the next major attack. Healthcare providers are also under pressure to clean up their act and avoid becoming the next big healthcare ransomware victim and, more importantly, to avoid putting patients’ care, privacy, and lives at risk.
Traditional reactive approaches are no longer sufficient to mitigate these threats. Healthcare providers need to implement robust security measures that encompass not just their own systems but also those of their third-party providers. This includes continuous monitoring, regular security assessments, and comprehensive incident response plans. By adopting these strategies, healthcare organizations can better protect their critical infrastructure and, most importantly, ensure the safety and trust of their patients.