Cyberattack on NHS third-party supplier Synnovis causes further cancelled operations

The cyberattack against pathology provider Synnovis, which serves two major NHS hospital trusts in London, has triggered the cancellation of 1,255 operations and 3,396 outpatient appointments in the period from 3 June to 23 June, according to new data released by the NHS.

Disruption continues from the cyberattack, which was carried out by ransomware gang Qilin. NHS London said it has put in place mutual aid agreements to meet urgent patient demand, with pathology services operating at 45% capacity. NHS London said the cyberattack has had a significant impact on GP services.

More than 200 operations were cancelled last week at hospitals ran by the King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, as well as 1,300 outpatient appointments. A joint statement from both trusts said strike action by junior doctors was also causing disruption.

“We are continuing to manage the cyberattack as a critical incident across both trusts, and we have also put measures in place to ensure we limit the disruption to patients resulting from the industrial action this week and next,” they said.

Adding: “We are having to postpone a number of operations and appointments at present.”

The BBC reported Qilin published 400GB of data stolen in the cyberattack on the darknet, including personal information and blood test details. Qilin told technology news publication The Register that the cyberattack against Synnovis was “not accidental” and that it understood the implications of targeting a major healthcare provider, citing political motivations.

Synnovis confirmed that data stolen from its systems was published online. It said there is no evidence that its database was posted in full but explained that parts of its administrative working drive containing patient data had been published. It added that payroll information about its employees has not been published.

Back to top button