The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider Synnovis.

National Health Service (NHS) officials have battled crippling service disruptions across various hospitals in London after Synnovis - a partnership between Synlab and two London NHS Trusts - pulled its systems offline following a Qilin cyberattack.

Qilin told The Register in an interview earlier this week that it would publish the data on June 20, as it did, after the gang severed communications with Synnovis over its perceived unacceptable stalling during the negotiation phase.

Without reviewing the data that's been made available via the group's Telegram channel, which is Qilin's typical preferred method of leaking victim data, we can see that more than 400GB worth of compressed files were made available for download.

Qilin claimed that it stole over 1TB worth of Synnovis' data, so if this data was downloaded and unarchived, the volume would be very likely to match or exceed the gang's claim.

The publication of the data, coupled with Qilin's claims that it grew tired of Synnovis during negotiations, all but confirms the company adhered to the UK's official stance on not paying cybercriminals' ransom demands.

NHS issues another update

For two weeks now, the UK's health service has published once-weekly updates on the situation at London hospitals and this week's edition illustrated just how bad things have become in the space of seven days.

In total, 1,134 elective surgeries have been postponed as a result of Qilin's attack on Synnovis, which began June 4, and 2,194 outpatient appointments have also been pushed back.

The NHS's previous update from June 14, six days prior to its most recent one, stated that around 1,500 surgeries and appointments had been delayed. That was a combined figure, it should be noted, one that has more than doubled in less than a week.

Dr Chris Streather, medical director for NHS London, said: "Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyberattack on Synnovis is continuing to have a significant impact on NHS services in South East London.

"Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to rearrange appointments and treatments as quickly as possible.

"Mutual aid agreements between NHS labs have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.

"Patients should access services in the normal way by dialing 999 in an emergency and otherwise use NHS 111 through the NHS App, online, or on the phone. They should also continue to attend appointments unless they are told otherwise by the clinic team."

No remorse

The criminals running the Qilin gang told us this week that in targeting Synnovis, they were fully aware that a healthcare crisis would ensue, and that it fully intended to carry out the damage it did. No accidents.

It did express a degree of sympathy to the thousands of affected patients in the capital city, but no regrets.

"We sincerely sympathize with ordinary residents of London and other British cities who have become hostages of this situation," the Qilin spokesperson said. "But we will never regret what we do, because this is a struggle. 

"We hope that no one was hurt and we urge ordinary people to think about the true problems that led to this situation."

Qilin shut down further questioning when pressed on how it juggles the ethics of the situation, and when reminded of the scale of the disruption it caused.

"We have already answered your questions. There will be no more clarifications," the spokesperson said hours before leaking the data. ®

https://www.theregister.com//2024/06/21/qilin_cyber_scum_leak_the/