NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack

The two central London NHS Trusts affected by the Qilin ransomware attack on pathology lab partner Synnovis are still cancelling over a thousand appointments and hundreds of medical procedures every week as disruption from the incident continues over a month after the initial attack.

During the week ending 7 July 2024, NHS England London reported Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust were forced to postpone 1,286 acute outpatient appointments and 100 elective procedures. In the past five weeks, 6,199 acute outpatient appointments and 1,491 elective procedures have been postponed.

However, there are signs that the numbers are moving in the right direction as the process of recovering disrupted services continues. Chris Streather, NHS London medical director, said: “We are starting to see a reduction in the number of acute outpatient appointments and elective procedures being postponed, with 136 elective procedures postponed last week compared to 814 in the first week of the cyber attack.

“This is still having a significant impact on patients, and I understand it is distressing when a procedure is postponed. Across the capital we continue to work with our NHS colleagues to provide mutual aid to ensure minimal disruption to people’s care, especially in south-east London. Working in partnership, NHS organisations across London are developing plans for the restoration of services,” added Streather.

NHS England London said that five of the postponed elective procedures were for cancer treatments, compared to 13 in the previous seven-day period, and in 30 cases, organs for transplant had to be diverted for use by other trusts, compared to 29 a week earlier.

More broadly, south-east London pathology services are currently running at 54% capacity, with blood tests the most severely impacted. GP referrals for services and testing continue to be significantly disrupted, and the health service said it was prioritising the most important referrals for blood sciences – haematology, biochemistry, immunology and virology – while a near-normal service is operating for histology, which tests for infections, cancer and other diseases, and cervical smears.

NHS England London reiterated previous calls for O-positive and O-negative blood donors to come forward to top up stocks.

Guy’s and St Thomas’ and King’s College Trusts, as well as South London and Maudsley NHS Foundation Trust, remain in a critical incident, while other affected bodies, Oxleas NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and some primary care services in south-east London “continue to be significantly impacted and involved in the incident response”.

In all other regards, NHS England London said urgent and emergency services should be used as normal, by dialling 999 in an emergency or the 111 phone or online services, including the NHS App.

Meanwhile, the investigation at Synnovis continues. The organisation, a joint venture between Guy’s and St Thomas’, King’s College and Synlab has already suffered a major data leak after standing firm in the face of Qilin’s extortion attempt.

The leaked data has since been confirmed as a partial copy of content pilfered from Synnovis’ administrative working drives, which held information supporting its corporate and business support activities. Some of it does appear to contain personal data including names, NHS numbers and test codes, and some of it may relate to Synnovis employees. However, the format and partial nature of the stolen material is making it hard to interpret, and a full analysis is still ongoing.

In its most recent update on 1 July, Synnovis said that Qilin’s attack had affected almost all its IT systems, and as such it is now taking a phased approach to restoring its devastated infrastructure – this is being prioritised by clinical criticality, and will likely take some time.

It has already taken delivery of new middleware at Guy’s and St Thomas’ and King’s College and this is helping improve capacity at its central Blackfriars hub. It has also rolled out mutual aid across the six affected London boroughs to improve testing capacity, enlisting its parent Synlab UK and Ireland to press its labs into service. Support has also been forthcoming from Synlab’s other global operations.

Synnovis said a full restoration of its systems would take some time, and it is continuing to work both with NHS England’s Cyber Operations Team and the National Cyber Security Centre on the investigation..

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated,” said Synnovis CEO Mark Dollar.