A senior manager at Eurofins, the UK’s biggest forensic services provider which was hit by a cyber-attack in June, has warned the country to “ready itself” for further attacks.
A ransomware virus infected the firm’s computer systems, laboratory work was suspended for seven weeks and police investigations and trials were delayed.
In his first interview since the incident, Mark Pearse told BBC News it could happen to any organisation.
“It’s a threat to society,” he said.
“There is no sector that’s immune to this,” said Mr Pearse, commercial director of Eurofins in four countries, including Britain.
“We’ve got the transport sector, the energy sector, the health sector, other public organisations, the criminal justice system.
“We’re all vulnerable,” he said.
The cyber-attack affected Eurofins’ IT systems in the 47 countries where it operates.
Mr Pearse said he was first told about it in a call at 05:00, as he was about to catch a flight from Manchester Airport, and spent the day on the phone dealing with the fallout.
“The labs are quite dependent on IT and everything these days is either controlled by IT, all the data is stored on servers, and so the processes quickly came to a grinding halt,” he explained.
Eurofins’ forensic science division in the UK, where it has seven sites and 60% of the market, was especially badly hit, so after consulting police chiefs and senior prosecutors, the company decided to stop accepting samples of blood, DNA and other scientific evidence from suspects, victims and crime scenes.
“It has huge implications,” said Mr Pearse, a molecular cell biologist who used to work for the Metropolitan Police and the state-run Forensic Science Service.
“We’re the biggest private provider so that was quite a decision to make,” he said.
“We do many hundreds, many thousands of cases and samples…
“So very quickly the job in hand was partly to investigate the cyber-incident, and the consequences from an IT perspective… and to provide continuity of service.”
The National Police Chiefs’ Council co-ordinated emergency measures to manage the flow of specimens submitted for analysis so that the most serious cases were given priority by other providers.
“Inevitably, if you take 60% or so of the capacity out of the forensic science sector you can’t carry on as ‘business as usual’,” said Mr Pearse.
“The other suppliers can’t cope with all the work so backlogs, to a limited degree, did build up in police forces.”
Towards the end of July a backlog of 20,000 samples had developed but that has now been cut to around 10,000 as services have returned to normal.
BBC News was told that Eurofins had paid the cyber-criminals a ransom to restore its IT systems but Mr Pearse refused to comment.
“The National Crime Agency is now taking an international lead in the criminal investigation into this crime on Eurofins group and that investigation is ongoing and will probably be ongoing for some months and therefore it’s subject to those usual constraints,” he said.