
Critical Incident Response for a pathology services provider

  • nicolaferraritest
  • Mar 20

Updated: Apr 2


The problem

Avella was urgently engaged to assist in incident response and recovery efforts following a severe ransomware attack on a leading pathology services provider. The attack had devastating consequences, disrupting services for over 3,000 hospitals and GP practices. Critical patient data, including names, dates of birth, NHS numbers, and blood test details, was compromised, with nearly 400GB of private information leaked on the darknet as part of an extortion attempt. 


The impact was immediate and severe—within the first week, 800 surgeries and 700 outpatient appointments were cancelled, making this a life-threatening situation.


Solution and Implementation

Recognising the critical nature of the attack, Avella acted swiftly. Within 24 hours, we had deployed a highly qualified CHECK-certified penetration tester on-site, ensuring all onboarding documentation was signed and approved at record speed. This rapid deployment enabled seamless collaboration with the client and its key stakeholders from the outset. 


To support the recovery process effectively, we initially provided a CHECK-standard penetration tester on-site for four days, followed by a 16-day remote engagement. Our expert worked closely with both the supply chain provider’s project manager and the security architect to ensure robust security testing before any environment was brought back online. Concurrently, we conducted Azure configuration reviews to further fortify the infrastructure against potential future threats.


From the start of the engagement, our testers conducted a multi-layered security assessment on the company’s infrastructure.


Results

Avella has maintained continuous engagement, providing penetration testing support through a third-party provider to ensure the security of the client's recovering systems.


As the organisation now moves into the second phase of its recovery, Avella has been retained to continue providing security expertise, conducting security assessments of newly restored applications as they come online and reinforcing the organisation's cyber resilience against future threats.
