iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The King is set to reveal new legislation to protect critical services and infrastructure, such as the NHS, from cyber attacks.
The new bill is expected to cover vulnerabilities in the UK’s current cyber security legislation, requiring private sector organisations that work with government departments and services like the NHS to meet certain cyber security standards and have certain safeguards to shield themselves against potential cyber threats.
The entire supply chain will be required to meet these standards, including the public services themselves.
The new legislation, which is set to be revealed in the King’s Speech on Wednesday (17 July 2024), comes after a number of major cyber attacks against UK critical infrastructure and services.
Just last month, the Qilin ransomware gang launched an attack on pathology services provider Synnovis Group LLP, leading to a number of major NHS hospitals in London and around England unable to operate properly.
“This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services,” he said, adding that the hospitals declared a “critical incident” that affected the delivery of services such as blood transfusion.
NHS said: “All urgent and emergency services remain open as usual, and the majority of outpatient services continue to operate as normal.”
“Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning some patients have had phlebotomy appointments cancelled.”
Qilin then published the data, leaking patient names, dates of birth and NHS numbers, according to a BBC report.
“We understand that people may be concerned by this, and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,” a spokesperson for NHS England said.
“This includes whether it is data extracted from the Synnovis system, and if so, whether it relates to NHS patients.”
Months earlier, in March, the INC Ransom ransomware gang posted proof of an attack on NHS Scotland.
Included in the “proof pack” are biochemistry reports, letters between doctors regarding patient treatments, genetics reports, and patient psychological reports. The documents include names, addresses, and very personal medical details.
The group claimed to have three terabytes of data.
While INC Ransom claims the data was acquired from NHS Scotland, NHS Dumfries and Galloway – one of 14 regions administered by NHS Scotland – reported a cyber incident on 15 March, warning that “there is a risk that hackers have been able to acquire a significant quantity of data”. Many of the documents in INC Ransom’s proof pack appear to be from that region.
On 19 March, NHS Dumfries and Galloway chief executive Jeff Ace released a further statement.
“As you would expect, this has been viewed as an extremely serious matter demanding a major response,” Ace said, adding that there was “reason to believe that those responsible may have acquired patient and staff-specific data”.
Be the first to hear the latest developments in the cyber industry.
