Cancer patient forced to make terrible decision after Qilin attack on London hospitals
- Reference: 1720198811
- News link: https://www.theregister.co.uk/2024/07/05/qilin_impacts_patient/
- Source link:
Hanna – the name she goes by – is now missing her right breast after her skin-sparing mastectomy and immediate breast reconstruction surgery was swapped out for a simple mastectomy at the last minute.
I never thought it was going to be due to a cyberattack by Russian hackers. That was not something that I would have ever thought would happen
The 36-year-old research culture manager at King's College London and former researcher in health sciences was diagnosed with HER2-positive breast cancer in late 2023. It's an aggressive form known for spreading faster and is more commonly recurring, which necessitates urgent treatment.
Hanna soon began a course of chemotherapy following her diagnosis until she was able to have what will hopefully be the first and only major procedure to remove the disease.
Between then and the operation, which was scheduled for June 7 – four days after the ransomware attack was carried out – she had been told repeatedly that the planned procedure was a skin-sparing mastectomy which would have allowed surgeons to cosmetically reconstruct her right breast immediately after the operation.
[1]
How the ordeal actually unraveled, however, was an entirely different story. Hanna was given less than 24 hours by doctors to make the daunting decision to either accept a simple mastectomy or delay a life-changing procedure until Synnovis's systems were back online.
[2]
[3]
The decision was thrust upon her on the Thursday afternoon before her Friday surgery. This was after she was forced to chase the medical staff for updates about whether the procedure was going ahead at all.
Hanna was told on the Tuesday of that week, the day after Qilin's attack, that despite everything going on, the staff at St Thomas' hospital in London were still planning to go ahead with the skin-sparing mastectomy as previously agreed.
[4]
Per the updates Hanna requested on Thursday, it was strongly suggested that the operation was going to be canceled. The hospital deemed the reconstruction part of the procedure too risky because Synnovis was unable to support blood transfusions until its systems were back online.
The ransomware attack wasn't easy on hospitals. The situation was so dire that blood reserves were running low just a week after the attack, prompting an urgent appeal for O-type blood donations.
For Hanna, though, this meant she had to make the unimaginably difficult choice between the surgery she wanted, or the surgery that would give her the best chance at survival.
[5]
The mother of two young children, aged four and two, felt like she had no other choice but to accept the simple mastectomy, leaving her with only one breast.
After being told the surgery was unlikely to go ahead, she reminded the medical staff of her particularly aggressive cancer diagnosis and asked about her remaining options, fearing that after numerous rounds of chemotherapy the cancer would grow again.
"The options were to either wait until the system recovered or to just do the mastectomy-only operation, and for me, I did in the end choose to have the mastectomy only, so this was all just very, very last minute," Hanna told The Register .
"I had no idea when things were going to be OK, the hospital had no idea – they couldn't tell me, so yeah, in the end, I felt like it was the only choice that I could really make because it's an aggressive cancer, I have two young children, I don't want to die. So, yeah, that's what I did.
"But then obviously you wake up and, you know, you just don't have a boob."
With what little time the hospital gave her to make the choice, Hanna asked her friends and other breast cancer survivors for advice. She was met with the universal view that she should take the simple mastectomy to avoid any unnecessary health risks.
Everything about Hanna's treatment changed from there. The duration of her stay was now much shorter and the aftercare provided to her changed given the different procedure.
Hanna said she remembered a feeling of urgency around the hospital at the time, particularly regarding her post-surgery aftercare, which she thought was somewhat rushed. The surgeon started giving her information about wound care immediately after she woke from general anesthesia. She was understandably dozy and unable to retain that kind of information, although the surgeon did later apologize for this.
She doesn't think the hospital was in any kind of frenzied state over the cyberattack, other than her experience of rushed aftercare, which she thinks was more to do with the quick change in procedure rather than the disruption caused by Qilin.
Taking it in stride
Despite the abysmal situation Hanna found herself in, and the stress and upset it caused her, over the phone she appeared in remarkably good spirits, all things considered.
Notably, she said she has no ill feelings toward the National Health Service (NHS) and thought the staff at St Thomas' Hospital treated her well with the necessary care and sympathy.
"Obviously it's difficult because it's such a strange kind of event, and operations do get postponed – that's all understandable, but then, out of all the reasons that you could think of [for an operation to be canceled] this was the last one that I ever considered," said Hanna. "I never thought it was going to be due to a cyberattack by Russian hackers. That was not something that I would have ever thought would happen.
"It's just unforeseen. The people in the NHS, they work very hard to just make sure that everyone gets the care that they need."
Before the incident affected her care, Hanna was aware of cybersecurity and previous attacks on the NHS such as WannaCry back in 2017, but Qilin's work led her to read up on the topic in much greater depth.
Reflecting on the attack, Hanna said she thinks this raises questions about the resilience of the UK's public sector infrastructure.
"I guess there is probably an issue in relation to kind of underfunding. I've noticed that in my care, particularly in relation to the admin and the things around it, and potentially there are issues around cybersecurity.
"Although this was obviously an external company that was the victim of this cyberattack, it does raise questions about cybersecurity and whether there should be additional measures, protocols, or backups to deal with the situation so that you don't get into this kind of trouble."
One of the core aims of the UK's [6]National Cyber Security Strategy (2022-2030) was to have the government's critical functions, which include the delivery of essential public services, significantly hardened to cyberattacks by 2025. However, there has been an ample number of events in recent months to suggest this target is far from being met.
[7]UK and US cops band together to tackle Qilin's ransomware shakedowns
[8]Qilin cyber scum leak data they claim belongs to London hospitals' pathology provider
[9]Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
[10]London hospitals left in critical condition after ransomware attack
The recent attack on Synnovis is the latest reminder of what happens when mission-critical organizations are breached, but over the last 12 months the UK has seen various other attacks cause significant disruption. From a crippling attack on its government-sponsored [11]national library , to a breach at its [12]Ministry of Defence , a litany of [13]data protection gaffes , and the National Cyber Security Centre (NCSC) [14]voicing concerns over the state of critical infrastructure – the UK's security posture must become more robust.
But that's [15]now a job for Sir Keir Starmer and the Labour Party .
Hanna said she mainly blames Qilin, who previously [16]told The Register they were fully aware of the disruption their attack would cause, for the events that left her without a breast.
Asked what she would say to Qilin's members if she ever met them, Hanna once again showed her strength in handling the difficult situation, bringing light to the matter with her humor.
"I would flash them," she quipped, letting out a laugh. "I would show them a picture of what my body now looks like. This is what you did.
"But, gosh, what would you say to people like that? I think that it's very easy to do something like that from the safety of your computer while you can almost disassociate from it. You can pretend that it isn't real people that you're dealing with."
Road to recovery
Hanna's surgery went well, she is now back home with her children, and preparing to receive an additional course of treatment after her operation to ensure the cancer is fully eradicated.
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals [17]READ MORE
This will involve another round of chemotherapy alongside some targeted therapy that aims to tackle the specific HER2-positive type of cancer she has.
She also hasn't ruled out opting for breast reconstruction in the future, but said because of the treatment she still needs to go through, it will be at least a year before that becomes an option for her.
One month in
At the time of writing, it's now nearly five weeks since [18]Qilin's attack on Synnovis – a pathology services partnership between Synlab, Guy's and St Thomas' NHS Foundation Trust, and King's College Hospital NHS Foundation Trust.
The most recent [19]update provided by the NHS said disruption to services was still evident across the region, although some services such as outpatient appointments are returning to near-normal levels.
In the last week of data (June 24-30), 1,517 acute outpatient appointments and 136 elective procedures were postponed across the two NHS trusts partnered with Synlab. The total number of postponements for the entire month since the attack took hold (June 3-30) stand at 4,913 for acute outpatient appointments and 1,391 for elective procedures.
Dr Chris Streather, Medical Director for NHS London, said: "I'm incredibly proud of how the NHS in London continues to work to minimize the impact on patients, with staff working hard to maintain patient safety and provide the high-quality care that we strive for across the capital."
He went on to highlight the fact that services were returning to near-normal operation and recognized the added difficulty that last week's industrial action put on staff at the affected hospitals.
Streather also noted that pathology services are now operating at 54 percent of their pre-ransomware attack capacity.
A spokesperson for Guy's and St Thomas' NHS Foundation Trust told The Register : "We're incredibly sorry for the impact the criminal cyber-attack on our pathology provider, Synnovis, had on Johanna's care, and we apologize for any distress this may have caused." ®
Get our [20]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/malwaremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zohs@4TlyQ@Dkl@jj4U2HQAAAIo&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/malwaremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zohs@4TlyQ@Dkl@jj4U2HQAAAIo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/malwaremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zohs@4TlyQ@Dkl@jj4U2HQAAAIo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/malwaremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zohs@4TlyQ@Dkl@jj4U2HQAAAIo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/malwaremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zohs@4TlyQ@Dkl@jj4U2HQAAAIo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2022/01/26/ukgov_latest_cyber_strategy_2030/
[7] https://www.theregister.com/2024/06/25/nca_fbi_qilin_ransomware/
[8] https://www.theregister.com/2024/06/21/qilin_cyber_scum_leak_the/
[9] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[10] https://www.theregister.com/2024/06/04/suspected_cyberattack_hits_major_london/
[11] https://www.theregister.com/2024/05/20/the_british_library_owes_lauded/
[12] https://www.theregister.com/2024/05/08/uk_opens_investigation_into_contractor/
[13] https://www.theregister.com/2023/12/07/losing_track_yet_yet_another/
[14] https://www.theregister.com/2023/11/14/ncsc_cyber_readiness/
[15] https://www.theregister.com/2024/07/05/labour_tech_challenges
[16] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[17] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[18] https://www.theregister.com/2024/06/04/suspected_cyberattack_hits_major_london/
[19] https://www.england.nhs.uk/london/2024/07/04/update-on-cyber-incident-clinical-impact-in-south-east-london-thursday-4-july/
[20] https://whitepapers.theregister.com/
Re: Maybe they did her a favour?
The point is that her free choice was taken away from her. You may have chosen differently in her situation, but it was HER choice, not yours.
Justice
I’m sure if a sizeable bounty was put out, the identity and locations of the people responsible would be quickly forthcoming (i indeed that information is not already known)
And I’m also sure that it’s not beyond the wit of any wealthy and resourceful government to arrange appropriate hits, regardless of where they are located.
All illegal etc etc but wealthy and resourceful governments do dodgy stuff and cover-up illegal stuff all the time. And in cases like this, I’m thinking the vast majority of people would turn a blind eye.
Just sayin’
Re: Justice
Legally speaking, the 'Computer Misuse Act' and other legislation hobbles legitimate cyber-security researchers.
So amend it. Add a clause that 'Any action taken on the Internet against suspected cyber criminals or cyber terrorists by agents of HM Government for the greater good of GB or its allies is permitted'
Add an additional clause that backdates it to the first recorded ransomware attack so anyone who has been convicted but was acting with the best interests of the country or as an agent of HM Government is retroactively exonerated.
Are you listening, Prime Minister Keir Starmer?
Work to hack everything helps.
My experience has been that you can probably work to prevent a ransomware attack by spending a few months working out how to do the ransomware attack on your system yourself. This kind of work helps you understand how an attack is done so that you can work to try and prevent it happening and since you now know how it happens then you will have a good plan to avoid being completely unable to work around an attack when it happens. Backup everything essential into a completely inaccessible environment that can not be seen except by yourself - I did that on my company years ago (we were never hacked) by creating a fully backup of everything on a server ... I have always used my humor so the backup server name was MACAVITY and when everyone on the network (even local workers) tried to access the server they discovered that Macavity wasn't there .... LOL, I love the Cats show and music, but we were prepared to survive a hack.
We were never hacked, I hope that because once I'd learned to hack everything, I was able to see what I needed to do so that I could keep us safe and that worked for me.
As a writer, there’s a statement: if you’ve hit writers block, the problem isn’t in the bit you’re writing; look a paragraph or three back.
What utter nonsense to blame strikes for their failures to give appropriate care. The problem is that some middle manager figured they could save money, and he could get a bonus with this scheme, by deferring upgrades, by skimping to the absolute limit on IT security. This wasn’t last week’s strikes, it was a systemic failure a few paragraphs back, in hopes of “saving money” by not actually doing necessary work.
That last bit blaming strikers for management’s failures is practically criminal responsibility shirking.
In this incident, you are correct, but not everything works the same way as writer's block. There are indeed situations where the last negative event is the cause of the current situation and preventing it before that event occurred was either impossible or impractical. To blame the damage caused by the malware on striking employees is flawed logic, but to claim that a strike won't have negative effects of a different sort is also flawed. You may also want to consider that the statement where the action was mentioned wasn't trying to blame it for the specific incident covered in the article or for the damage caused by ransomware in general. At most, the strike was being blamed for a more difficult recovery from those independent events. You can easily disagree with that allegation, but not if you interpret the statement as trying to blame striking workers for something the ransomware broke, because then you're fighting against something with no defenders.
no. sorry the problem is managers often on high pay are making decisions they have no technical understanding of the consequences. They should be chArged with fraud becauese yet again it shows they are claiing skills they clearly do not have.
they should fire and charge the managers who selected that provider for failing to select a provider with proper procedures.
May the perpetuators get cancer of the knob & it drops off, painful piles & other unpleasant shitty things, and hopefully living in a shit country with no access to healthcare.
Depressing reading just before bed. From someone who themselves is classed as a seriously ill person with a higher cancer risk & others as a side effect symptom (post organ transplant).
Maybe they did her a favour?
That reconstruction procedure was way higher risk even if all the systems had been online.
Sure it was bad to allow the NHS to outsource a critical function to a vulnerable company instead of employing the local Linux consultant, but in this particular specific case she did in fact end up having a safer procedure, albeit not such a nice one....