Scottish Police Authority puts work ‘on hold’ after forensics supplier hit by cyber attack

The Scottish Police Authority has put a contract with a forensics services company ‘on hold’ after the supplier was hit by a cyber attack.

Eurofins Scientific, a worldwide supplier of laboratory services with 800 labs in 47 countries, was hit by a ransomware attack last month.

The organisation, which has its headquarters in Luxembourg, handles biology cases that police forensics examiners cannot process internally.

It was awarded a £5m contract – along with another supplier – last September as SPA Forensic Services sought to address a number of resourcing issues.

An SPA spokesperson said: “Due to the increasing complexity of biology cases being received in recent years, SPA Forensic Services put in place a number of initiatives to address their workload. This included recruiting a number of additional forensic scientists and during the recruitment and training of the new staff, outsourcing a small percentage of biology cases received by SPA Forensic Services.

“Following a competitive tender process, Eurofins and another provider were awarded a joint contract and began processing biology cases on behalf of the SPA Forensic Services in September 2018. We are working closely with Eurofins to understand what impact this cyber attack may have on the handful of outstanding cases still being processed by the company.”

It is understood that data from 16 cases was thought to be ‘stuck’ in the Eurofins system at the time of the ransomware attack – by a ‘new malware variant’, according to Eurofins – but that figure has now been established as much lower. Stuck in this context means the SPA believes the data to be intact but cannot access it until Eurofins completes its investigation into the breach.

Scottish Police Authority members were presented with the results of a performance report into forensics services last week.

The report notes that: “Demand changes across the business have been constant though, there is increased demand for Biology services, particularly in respect of major crime, which has driven this increased workload.”

“Particularly in Biology, the increase is the serious crime cases which are more demanding of staff time, given the complexity of the examination, especially in murder cases.”

The start of the 2019/20 year has also seen an increased demand for serious crime forensic services and drugs analysis.

The report highlighted the high-profile and lengthy investigation into a Glasgow gangland case, which saw six men jailed for a total of 104 years in May having being found guilty of plotting attempts to kill five men linked to a rival gang. The successful investigation, which ran for 18 months, required a ‘extensive’ work by forensics scenes examiners and presentation at court.

The note within the report citing the Eurofins incident is as follows: “Biology has been using Eurofins Scientific to provide external support for casework. Work with Eurofins has been put on hold owing to a cyber attack on the Eurofins business over the weekend of the 1 June 2019. It is understood that no data from any Forensic Services case has been lost, there has been found to be no risk to the organisation.”

In the meantime any additional casework that cannot be processed internally will go to the other supplier within the contract, which lasts for two years, with the option to extend by another year.

Since September 2013, less than 5% of the biology caseload processed by the SPA has been sent to Eurofins for processing, an SPA spokesperson added.