Hospitals' cyber-attack: Why a task force is needed to halt a sophisticated enemy: Greg Wright

Vanessa Welham said her husband’s blood test was cancelled on Monday evening and he was informed that local centres were not taking bookings for an “indefinite period of time”. These delays cause anxiety for patients and their families; time is of the essence over any issue related to health.

The attack on pathology services firm Synnovis led to a “severe reduction in capacity” and provided a horrible reminder of how rogues without a conscience can cause misery for the sick and vulnerable.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack. The Health Service Journal (HSJ) reported one senior NHS manager as saying: ”It’s everyone’s worst nightmare. The difficulty will be that when you have total system downtime, the volumes of tests will be huge."

Another source told the HSJ the attack presented a huge problem for urgent and emergency care at the hospitals as they would not be able to access quick-turnaround blood test results. This is part of a worrying global trend, with financial and healthcare services among the sectors hit hardest by organised gangs of criminals.

The US, in particular, has recorded a shocking increase in cyber attacks over the last year. The study conducted by data collection company SOAX concluded that 117m victims were affected by attacks on healthcare and finance industries in 2023.

The healthcare industry in the US was the most vulnerable sector, with 809 data violation cases in 2023. SOAX described this as “a staggering surge” in incidents, with cases soaring from 343 in 2022.

Ciaran Martin, former chief executive of the National Cyber Security Centre, told BBC Radio 4’s Today programme that a Russian group of cyber criminals was behind the attack on the pathology services in London.

We are fighting a sophisticated foe. As Richard Hilton of IT support services firm Claritas Solutions noted recently, attacks are not generally instigated at the point of infiltration.

The skilled protagonists will leave the malware in place for a number of weeks or months, so by the time you start the recovery process the malware is embedded in your backups, which makes the whole process of repelling them messy, disruptive and expensive. Organised gangs of criminals must not be allowed to hold the health service to ransom. The new Government must invest in resources to keep us all safe.

There is little point in implementing policies to reduce NHS waiting lists if cyber attacks can throw the process into reverse. A private sector task force must support the work of the National Cyber Security Centre to repel these invaders, who potentially place us all in danger.

Greg Wright is the deputy business editor of The Yorkshire Post