Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

NHS cyber attack data taken from Synnovis system, provider confirms

Synnovis, which provides services to NHS trusts and GP services, primarily in south-east London, was the victim of a cyber attack on June 3.

Harry Stedman
Monday 24 June 2024 17:54 BST
King’s College Hospital was among those affected by the cyber attack (Andy Hepburn/PA)
King’s College Hospital was among those affected by the cyber attack (Andy Hepburn/PA) (PA Archive)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

Data from a ransomware attack on NHS provider Synnovis has been confirmed as having come from the service, NHS England has said.

Synnovis, which manages blood tests for NHS trusts and GP services, primarily in south-east London, was the victim of a cyber attack – understood to have been carried out by Russian group Qilin – on June 3.

NHS England said the data was then published online by the group on Friday.

Hundreds of operations and appointments have been cancelled in the weeks since the incident.

In a statement on Monday, NHS England said there was “no evidence” the cyber criminals had published an entire database, but that it could take “some weeks” to learn which people were impacted by the attack.

It said: “NHS England continues to work with Synnovis and the National Crime Agency to respond to the criminal ransomware attack on Synnovis systems.

“Synnovis has now confirmed through an initial analysis that the data published by a cyber crime group has been stolen from some of their systems.

“We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.

“At present, Synnovis has confirmed there is no evidence the cyber criminals have published a copy of the database (Laboratory Information Management System) where patient test requests and results are stored, although their investigations are ongoing.”

According to the BBC, Qilin shared almost 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on their darknet site and Telegram channel.

Spreadsheets containing financial arrangements between hospitals and GP services and Synnovis were also published, the BBC reported.

NHS England said: “Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.”

It added that local health systems will work together with additional resources to reduce impact on patients and process urgent blood samples.

Between June 10 and 16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

The number of rearranged planned operations had gone down by 494 since the first week after the attack, June 3-9, but the number of missed outpatient appointments had increased by 394.

The total as of June 20 was 1,134 planned operations and 2,194 outpatient appointments postponed, according to NHS England.

Patients have been told to continue attending appointments unless told otherwise while urgent care is available as usual.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in