News Hub

Cybercriminals publish data from NHS hospital cyberattack online

Written by Tue 25 Jun 2024

NHS England has announced its patient data managed by pathology services organisation, Synnovis, was stolen in a cyberattack on 3 June.

Synnovis said an analysis of the data is underway and will be conducted by technical experts to confirm what information it contains.

“Unfortunately, it is too soon to be able to confirm the exact nature of the information and the organisations and individuals it relates to,” said Synnovis.

The pathology organisation said from a limited and initial review, the current understanding is that there was no evidence that Laboratory Information Management Systems (the software that supports laboratory operations) databases had been posted. These are the main systems holding the patient test requests and results.

However, the Synnovis’ administrative working drive has been posted in partial and fragmented form. This will contain some fragments of patient identifiable data. Understanding this is the organisation’s current priority.

Synnovis also confirmed that the storage area for payroll information has not been published. However, more effort is needed to review the published data related to the employees.

“We and the technical experts who are supporting us are working as fast as we can to try to be able to confirm more details and appreciate that waiting will potentially cause people some concern. We will keep our service users, employees and partners updated as the investigation progresses,” added Synnovis.

Next Steps 

NHS England added that investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.

The NHS emphasised local health systems will collaborate to manage the impact on patients, ensuring urgent blood samples are processed. Additional resources have been allocated, and laboratories can now access historic patient records.

Patients have been directed to continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would.

The London Hospital Attack

A serious cyberattack on 3 June led to several hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, being forced to cancel operations.

A range of primary care services, blood transfusions and test results have been disrupted after Synnovis, a provider of lab services, became the victim of a ransomware attack.

A number of GP services in London boroughs were also impacted by the cyberattack, with many cancelling blood tests and other routine appointments. According to the former Chief Executive of the National Cyber Security Centre, Ciaran Martin, Russian cybercriminals are believed to be responsible for the attacks.

The group called Qilin, that previously hacked carmakers and the Big Issue, is said to be behind this hack and appears to be motivated by ransom payment, as opposed to political goals.

Join Tech Show Paris

27-28 November 2024, Porte de Versailles, Paris

Be a part of the latest tech conversations and discover pioneering innovations in Paris.

Don’t miss one of the most exciting technology events of the year for France.

Written by Tue 25 Jun 2024

Send us a correction Send us a news tip