’This is a stark reminder of the potential for the impact of a cyber attack to spill over to far more serious consequences,’ says partner

Experts have stressed the importance of cyber insurance after London hospitals suffered major disruption due to hackers.

Earlier this month (3 June 2024), a ransomware attack was perpetrated against Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations.

King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust were the two most affected trusts, with more than 800 planned operations and 700 outpatient appointments needing to be rearranged. 

Tom Dryden, financial lines and cyber partner at McGill and Partners, told Insurance Times that the attack was ”the latest in a growing trend of attacks on critical infrastructure”.

”Cyber insurance is still low in the UK – 15-20% – [and] lower still for SME businesses,” he said.

“While it doesn’t of course prevent an attack and is just one small element to compliment an overall cyber security strategy, it does help significantly with response and recovery.”

“This is a stark reminder of the potential for the impact of a cyber attack to spill over to far more serious consequences than just financial harm.”

Other incidents

Meanwhile, Paul Gooch, divisional head of large account cyber at Tokio Marine Kiln, explained the recent incident showed that ransomware attacks were on the rise and that the healthcare sector continues to be heavily targeted by ransomware crime groups.

For example, in December 2023, hackers targeted King Edward VII’s Hospital and threatened to leak medical records of members of the Royal Family if a ransom was not paid.

And then in March 2024, a hacking group managed to obtain some patient data from NHS Dumfries and Galloway following a cyber attack.

Meanwhile, research from Node4 revealed that IT decision-makers from the insurance sector felt that ransomware was their top cyber security risk for 2024.

Following the attack against Synnovis, Gooch said: “The extent and duration of the impact of this attack is yet to be seen, but will likely be determined by what type of data has been compromised, as well as the back-up and restoration procedures Synnovis have in place.

“Sadly, the somewhat cliché phrase that it’s “not if, but when” an organisation will fall victim to a cyber-attack is one which we would advise companies to incorporate into their approach to cyber security and so a focus on recovery is just as important as efforts made to prevent the attack in the first place.”