NHS Supplier Targeted in Cyber Attack by Pro-Iran Hackers

Key Takeaways

A cyber attack by the pro-Iran group Handala disrupted the supply of medical products to the NHS.
Stryker, the affected US MedTech firm, reported data corruption and operational delays but confirmed no ransomware involvement.
Experts are calling for a national review of NHS cyber security to enhance protection against future threats.

Cyber Attack Disrupts NHS Medical Supplies

A recent cyber attack executed by the pro-Iran group Handala has impacted the supply chain for medical equipment to the NHS. The incident occurred on 11 March when Handala breached the IT systems of Stryker, a US MedTech company. As a result, orders for critical items, including defibrillators and oral swabs necessary for infection diagnosis, were paused across UK hospitals.

Handala justified its cyber actions on Telegram, claiming the attack was a direct response to the US bombing of a primary school in Minab, Iran, which tragically killed 168 individuals, predominantly children. The group alleged it executed a destructive “wiper” attack that compromised over 200,000 systems and resulted in the theft of approximately 50 terabytes of internal data. However, these claims have not been independently verified.

In response to the breach, NHS Supply Chain announced that certain products would be subject to “control demand management,” allowing NHS administrators to oversee the allocation of these medical supplies, which are now critically limited. They assured that they are actively collaborating with Stryker to minimize the disruption and maintain normal system operations. Further updates on the availability of products and placing orders will be provided soon.

Stryker acknowledged the cyber incident in a statement on its website on 13 March, confirming a global network disruption linked to their Microsoft environment. They indicated that there is currently no evidence of ransomware or malware and are treating the incident as contained. However, they admitted that order processing, manufacturing, and shipping have faced significant disruptions due to the attack.

As part of their recovery efforts, Stryker has implemented business continuity measures to support its clients and partners. They are also working closely with law enforcement and government agencies to investigate the scope of the attack.

By 15 March, Stryker reported that the incident had been contained and that efforts to restore their systems were advancing steadily. Meanwhile, NHS Supply Chain established an incident management team and is in dialogue with NHS England and the Department of Health and Social Care, which have engaged the National Supply Disruption Response team to create a coordinated response.

Experts have expressed concern about the vulnerability of NHS suppliers to cyber threats. Dr Saif Abed, a founding partner at The AbedGraham Group, emphasized that critical suppliers are often caught in the crossfire of geopolitical conflicts. He argued for urgent political leadership to initiate a national review assessing NHS cyber security, resilience, and patient safety, asserting that readiness to handle potential cyber disruptions should be prioritized as a critical component of public health infrastructure.

The content above is a summary. For more details, see the source article.