A major cyber attack which caused months of disruption across NHS services in south London would have been thwarted if the affected system had been protected by a basic IT security process, HSJ has learned.
Synnovis, which provides pathology services for more than 2 million people in the capital, was hit by a ransonware attack in June.
The attack locked staff working for the pathology provider to Guy’s and St Thomas’ and King’s College Hospital foundation trusts out of their systems for months. This resulted in widespread delays to care, including cancer treatment. Clinical teams in hospital had to revert to pen and paper, while GPs in the area were left “flying blind” without the ability to order tests.
Senior sources who worked on the response to the attack have now confirmed to HSJ that the system was not protected by multi-factor authentication (commonly known as “two-factor authentication”). MFA involves a user who has entered their password verifying their identity via another method, typically a call or text to their mobile.
After the attack, NHS England’s chief information security officer Phil Huggins wrote to all NHS providers saying two-factor authentication was now mandatory for all NHS systems and those used by their suppliers.
Read full story (paywalled)
Source: HSJ, 26 September 2024
0 Comments
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now