Fraud Management & Cybercrime , Governance & Risk Management , Privacy

London Hospitals Seek Biologics Backup After Ransomware Hit

Urgent Appeal Issued for O Type Blood; Attack Disrupts Patient Blood Type Matching
London Hospitals Seek Biologics Backup After Ransomware Hit
Image: NHS Blood and Transplant

Last week's ransomware attack on a British pathology services vendor has disrupted multiple London hospitals' ability to match patients' blood with available stocks.

See Also: Best Practices to Protect Communication and Email Fraud with Technology

As a result, England's National Health Service has issued an urgent appeal for O positive and O negative blood donors to book appointments in the coming weeks, as officials seek a workaround.

"For surgeries and procedures requiring blood to take place, hospitals need to use O type blood as this is safe to use for all patients and blood has a shelf life of 35 days, so stocks need to be continually replenished," said NHS Blood and Transplant.

"That means more units of these types of blood than usual will be required over the coming weeks to support the wider efforts of frontline staff to keep services running safely for local patients," it said.

The appeal follows a June 3 ransomware attack against Synnovis, a pathology services vendor that operates as a partnership between two London-based hospital trusts and Munich-based SYNLAB, which is one of Europe's leading providers of laboratory diagnostic services (see: Qilin RaaS Group Believed to Be Behind Synnovis, NHS Attack).

The attack has delayed organ transplants, elective surgeries and other procedures due in part to the fact that hospitals relying on Synnovis' services "cannot currently match patients' blood at the same frequency as usual," the NHS said.

Lacking a system-level solution to the problem, officials' plan B has been a biologics approach. Instead of attempting to match patients' blood type with available stocks, they instead want to use O type blood, known as the universal blood type, whenever possible.

"Patient safety is our absolute priority. When hospitals do not know a patient's blood type or cannot match their blood, it is safe to use O type blood," said Dr. Gail Miflin, chief medical officer at NHS Blood and Transplant.

Officials said they're seeking to fill 13,000 O type blood donor slots, including 3,400 in London alone, just this week, and that the need for more such donations will continue for the foreseeable future.

O positive type blood can be given to anyone with a positive blood type, and O negative to anyone with a negative blood type.

The NHS said O positive is the world's most common blood type, with 35% of donors having it, and 76% of the population being able to use it. By contrast, 8% of the population in England has type O negative blood, and requests for that type of blood normally comprise 15% of hospital orders.

One potential complication is that O type blood is essential for emergency care, and carried by air ambulances and emergency response vehicles when responding to serious emergencies. Any shortfall in O type blood supplies could lead to further canceled appointments or surgeries, or potentially having to triage its availability for emergency responders.

"A number of operations and appointments have been postponed or diverted to other neighboring hospitals not impacted by the cyberattack, as we prioritize pathology services for the most clinically urgent cases," said Stephen Powis, NHS England's medical director.

"To help London staff support and treat more patients, they need access to O negative and O positive blood, so if one of these is your blood type, please come forward to one of the 13,000 appointments currently available in NHS Blood Donor Centers," he said.

Numerous non-urgent surgeries and inpatient admissions have been canceled at London's King's College Hospital, Royal Brompton Hospital - the U.K.'s largest specialist heart and lung medical center - as well as Evelina London Children's Hospital, and disrupted primary care across southeast London.

"Pathology services at the impacted sites are available - albeit at a reduced capacity - with the most urgent cases being prioritized," Chris Streather, the medical director for NHS England London, said Wednesday. "Unfortunately, some non-urgent operations and procedures including transplants continue to be postponed, while nearly all non-urgent blood tests have been postponed in primary care services in southeast London."

NHS England said its cybersecurity incident response team continues to respond to this incident. "At present the full extent of the attack, as well as the impact upon data, is not known," it said.

The attack against Synnovis is the latest in a long line of extortion-driven attacks attributed to Russian-speaking ransomware groups. They continue to operate with impunity - provided they never attack Russia or its allies - as often they crypto-lock a victim's systems and demand a ransom in return for a decryption key or promise to not leak stolen data (see: Yet More Evidence Highlights Ransomware Groups' Banner Year).

This latest attack on the NHS already stands as "one of the most unpleasant and impactful cyber incidents in the U.K. in recent years," cybersecurity expert Ciaran Martin, who formerly headed Britain's National Cyber Security Centre, told the Times of London.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.