The cyber-attack that is causing serious disruption for hospitals and GP surgeries in London will take “many months” to resolve, a senior NHS source has warned.
“It is unclear how long it will take for the services to get back to normal, but it is likely to take many months,” the well-placed official said.
“Key to a return to normal will be clarity about how the hackers gained access to the system, how many records have been affected and whether these records are retrievable,” they added.
Six NHS trusts and scores of GP practices in south-east London, which serve 2 million patients, have been struggling to deliver many types of care normally to patients since Russian hackers infiltrated and rendered unusable the IT system of Synnovis, a private firm which analyses blood tests.
The ransomware attack, believed to be by the Russian Qilin criminal gang, caused such chaos that the NHS had to declare a “critical incident” when it occurred last Monday. Qilin’s modus operandi is to demand money from victims in return for giving them back access to their systems.
Trusts including Guy’s and St Thomas’ (GSTT) and King’s College have had to cancel large numbers of non-urgent operations, including procedures for cancer, and also planned caesarean-section births, because they are being forced to ration the number of blood tests they do.
The NHS has not given any indication publicly about how long it will take for Synnovis to regain control of its system, from which they have been blocked by software inserted by the hackers. But the remarks by the senior source represent NHS leaders’ latest thinking about the likely timescale.
Ciaran Martin, the former head of the National Cyber Security Centre, concurred with the NHS’s thinking that it could be facing a prolonged period of disruption.
“We should not be surprised that the time it takes to completely recover services is in the weeks or even months. That’s fairly typical for these types of disruptive ransomware attacks,” he said.
It would be “highly unusual” if the NHS trusts could get back to their normal ways of working over a short timescale, added Martin, who is now a professor at Oxford university’s Blavatnik School of Government.
“The analogy with the physical world is, it’s not so much locking you out of the house as kicking down the door, boarding it up again and then putting on a padlock,” he said of the NHS attack.
In such an attack, IT systems are encrypted by the attacker and the victim is forced to rebuild their infrastructure if they don’t pay to access a decryption key. Even if the computers are decrypted, the damage can still be extensive.
NHS England’s London region is trying to mitigate the attack’s impact on the delivery of care by ramping up “mutual aid” arrangements, under which other trusts in the capital take on some of the work that the affected hospitals cannot do.
For example, some people with heart problems who were inpatients at GSTT or King’s have been moved to St George’s hospital in south-west London. There are plans for organ transplant operations that are usually done at King’s to be performed elsewhere too.
GPs across the six south-east London boroughs in which the trusts are based have also had to scale back dramatically the number of blood tests they can order and focus on urgent cases only.
In her regular weekly message to health service leaders on Monday, NHS England’s chief executive, Amanda Pritchard, said that despite being a national health service “that doesn’t mean that we are insulated from international events and actors – whether pandemics, supply chains, politics or criminals”.
She added that the hack shows “how easy it is to take things for granted until they’re gone, or severely constrained”, referencing pathology services, which “play an unseen but incredibly important role in the modern NHS”.
Typically, Qilin attacks also involve the theft of data from a victim’s IT systems, alongside the encryption. The data is then posted on an extortion site on the dark web if a ransom is not paid. However, as of Monday no data had been posted on Qilin’s extortion site.
NHS England has been approached for comment.