ipopba - stock.adobe.com

NHS services at major London hospitals disrupted by cyber attack

A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London

NHS services at London’s Guy’s and St Thomas’ and King’s College hospitals and other sites in the capital have been disrupted, and a major incident declared, after a cyber attack hit partner Synnovis – which provides laboratory and diagnostic services to NHS sites across several London boroughs.

The incident appears to have been first detected on Monday 3 June, according to messages circulating on social media services. Details of the precise nature of the incident have not been officially disclosed, although according to The Independent, Synnovis has acknowledged that its IT systems were hit by a “malware attack”.

In a letter to staff, which has been reviewed by Computer Weekly, Guy’s and St Thomas’ NHS Foundation Trust chief executive Ian Abbs said Synnovis had experienced a “major IT incident” that had caused the Trust to lose connectivity to its network.

“This is having a major impact on the delivery of our services, with blood transfusions being particularly affected,” he said. “Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to safely carry out.

“I recognise how upsetting this is for patients and families whose care has been affected, and how difficult and frustrating this is for you all. I am very sorry for the disruption this is causing.”

According to Abbs, an incident response structure has now been established to put contingency plans into action, with representation from all clinical groups present. Staffers are being asked to direct any clinical or operational questions to their clinical group or directorate leadership as needed.

Although no further detail has been provided of the precise nature of the cyber attack on Synnovis, there is a good chance the organisation will turn out to have been hit by a ransomware gang.

Read more about security in healthcare

  • Data stolen from an earlier attack on NHS Dumfries and Galloway has been leaked by a ransomware gang that claims to be in possession of much more content.
  • Charities and healthcare organisations that work with people living with HIV to do better when it comes to protecting their personal data, after the HIV status of more than 100 people was accidentally disclosed.
  • No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality.

Synnovis’s parent, Synlab Europe, experienced significant disruption to its Italian operations in April 2024, which caused similar clinical service delays at Italian hospitals, after a Black Basta ransomware attack. No link between the two incidents has been established at the time of writing.

Andrew Brown of software and digital transformation consultancy PropelTech said: “It is far too soon to speculate on who could be behind the attack, but understandably the NHS is a prime target for bad actors.

“At this point, Synnovis will likely have all hands on deck to regain control of the affected systems. Their first priority will be to contain the attack if possible … and quarantine affected networks and systems,” he told Computer Weekly in emailed comments.

“Once this is done, they will need to start assessing the damage and restoring impacted services as quickly as possible. Only after that will they be able to begin investigating what allowed this to happen.”

Read more on Hackers and cybercrime prevention