UK national blood stocks in ‘very fragile’ state following ransomware attack

Avatar

The ransomware attack impacting several London hospitals has left national blood stocks “in a very fragile position” according to a letter sent this week to National Health Service chief executives warning there is “a real prospect” it may have to move into “amber alert” status and restrict transfusions.

An amber alert status “occurs when there is a significant risk to the supply of blood that will affect clinical care” in England and means that healthcare services will need to limit the amount of blood available for only the most medically critical  transfusions.

Even in the pre-amber status, NHS staff are being asked to help “avoid a worsening position” by limiting requests for “fresh red cells” and by restricting the threshold for transfusions except in the most severe circumstances.

An urgent call for O-type blood donations was issued a week after the ransomware on Synnovis, a business providing pathology services for hospitals and clinics in London. 

The attack left healthcare providers struggling to make blood matching tests, forcing them to rely on universal donor types which depleted those stocks — something that had had an impact on blood banks across the country.

Although the urgent call provided “a big uplift” in donations according to an NHS spokesperson, blood only has a shelf life of 35 days. While staff at the affected hospitals and clinics are managing to complete blood matching tests at around 54% of their usual capacity, stocks of O-negative red cells are currently at around a third of what the NHS aims to maintain.

For information on donating blood in the United Kingdom, visit: https://www.blood.co.uk/

NHS London declared a regional incident, with multiple hospitals declaring a critical incident, following the attack by the Qilin ransomware gang. It is feared the disruption could last until September.

As of last week more than 6,000 acute outpatient appointments and 1,400 surgeries have been postponed as a result of the disruption, including hundreds for cancer treatments.

Dr. Chris Streather, the medical director for NHS London, said: “We are starting to see a reduction in the number of acute outpatient appointments and elective procedures being postponed, with 136 elective procedures postponed last week compared to 814 in the first week of the cyber attack.”

Streather acknowledged that that attack was “still having a significant impact on patients, and I understand it is distressing when a procedure is postponed.”

In one case reported by The Register, a breast cancer patient who had been scheduled to receive a mastectomy and breast reconstruction surgery at the same time found her surgery had been “swapped out for a simple mastectomy at the last minute.”

GovernmentNewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Attacks on Israeli orgs ‘more than doubled’ since October 7, cyber researcher says

Next Post

Von der Leyen pledges to tackle ransomware attacks against EU hospitals

Related Posts

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in
Avatar
Read More

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks
Avatar
Read More