A cyberattack on Synnovis [1] [2] [3] [6], the pathology laboratory processing blood tests for NHS organisations in south east London [10], occurred between June 3-9 and was believed to be orchestrated by the Russian Qilin group.


This attack caused significant disruption to NHS services in London [1] [2], affecting King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust [3] [7] [8]. Over 800 planned operations and 700 outpatient appointments were rearranged in the first week [3] [8] [10], including cancer treatments [1] [5] [6], organ transplants [5] [7] [10], and C-sections [5], with disruptions expected to last for months [8]. The ability to process and report blood tests was severely impacted, leading to a reduction in the number of tests processed [1] [4] [5], affecting routine care and blood supplies. NHS England London declared a regional incident [10], coordinating mutual aid and rerouting blood tests to manage the disruption [10]. Trusts are working to mitigate the impact on patients by adding extra weekend clinics and collaborating with other hospitals [8]. Synnovis [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], a partnership between SynLab UK and Ireland [1], Guy’s and St Thomas’ NHS Foundation Trust [1] [3] [7] [8] [9], and King’s College Hospital NHS Foundation Trust [1] [3] [7] [8], is focused on technical recovery [1] [10], with full restoration expected to take time [10]. Health service leaders warned that the disruption is expected to continue for some time [2], with efforts underway to reschedule appointments and treatments as quickly as possible [2]. NHS London is urging patients to attend planned appointments unless contacted by the Trust [1], and St George’s University Hospitals NHS Foundation Trust has accepted patients from affected hospitals to help alleviate the impact of the attack [1]. GPs in south and south east London are also affected [1], unable to carry out routine blood tests [1]. The NHS is working on increasing the number of blood tests it can process per day and has appealed for blood donors and volunteers [8]. Weekly updates on the incident will be provided [10], with the next update scheduled for Friday 21st June [10]. Investigations are ongoing to determine if personal data has been breached [7], with NHS South East London severely impacted and pathology services operating at only 10% capacity. NHS London is urging blood donors with type O blood to come forward to alleviate pressure on services [7]. Concerns were raised about vulnerabilities in IT systems and third-party interfaces like Synnovis, highlighting the increasing threat of ransomware to hospitals for their sensitive medical data and extensive third-party equipment providers [9]. Synnovis CEO Mark Dollar emphasized the importance of cybersecurity measures in light of the attack [9].


The cyberattack on Synnovis has had significant impacts on NHS services in south east London, with disruptions expected to last for months [8]. Efforts are underway to mitigate the impact on patients [8], with additional clinics and collaborations with other hospitals being implemented. The incident highlights the importance of cybersecurity measures in protecting sensitive medical data and the increasing threat of ransomware to hospitals. Moving forward, it is crucial for healthcare organizations to strengthen their IT systems and third-party interfaces to prevent future attacks.


[1] https://www.standard.co.uk/news/health/synnovis-nhs-cyber-attack-operations-appointments-cancelled-b1164512.html
[2] https://www.standard.co.uk/news/tech/nhs-london-russian-people-england-b1164493.html
[3] https://cdn-www.shropshirestar.mna.arcpublishing.com/news/uk-news/2024/06/14/hundreds-of-operations-and-appointments-cancelled-in-week-after-nhs-cyber-attack/
[4] https://www.techworm.net/2024/06/operations-cancel-london-hospital-ransomware-attack.html
[5] https://finance.yahoo.com/news/london-hospital-hack-delayed-more-170926617.html
[6] https://www.digitalhealth.net/2024/06/more-than-800-operations-postponed-since-london-cyber-attack/
[7] https://www.yahoo.com/news/cyber-attack-health-forces-axing-181206206.html
[8] https://www.infosecurity-magazine.com/news/london-ransomware1500-cancelled/
[9] https://www.techradar.com/pro/london-hospital-vulnerabilities-were-known-years-before-cyberattack
[10] https://www.england.nhs.uk/london/2024/06/14/update-on-cyber-incident-clinical-impact-in-south-east-london-friday-14-june-2024/