Scale of Synnovis breach widens as Essex NHS Trust comes forward
Mid and South Essex NHS Foundation Trust has become the latest NHS body to confirm data on its patients was stolen in a 2024 ransomware attack on lab services partner Synnovis
Mid and South Essex NHS Foundation Trust (MSE), which is responsible for sites in Chelmsford, Basildon and Southend, is to contact an unspecified number of its patients whose personal data was stolen in the 2024 Qilin ransomware attack on NHS lab services partner Synnovis.
However, while the basic facts of the incident were quickly established, it took nearly 18 months for Synnovis to complete its full forensic investigation and to begin to inform downstream NHS organisations that their patients’ data was compromised. MSE was among those bodies informed towards the end of 2025, and it has since conducted its own investigation into the breach.
MSE deputy chief executive Dawn Scawfield said: “Records relating to patients who had a mixture of specialist diagnostic tests were affected. Some data is not directly linked to patients, so we are still waiting for confirmation on exact numbers. Once we have established who those patients are, we will be in contact with any who have been affected.”
At the time of writing, Computer Weekly understands that approximately 2,380 records are involved, and that while the exact time period during which the affected tests were conducted is yet to be determined, all of the exposed data relates to tests taken before 3 June 2024, the approximate date of the Synnovis attack.
Number of breaches may grow
At this point in time, it is not publicly known how many other NHS trusts are impacted, although it is thought likely that others will come forward.
Perhaps the most dangerous aspect of these timelines is the signal they send. Slow response in a data-rich industry is a clear signal that attacks can be carried out without consequence for years
Lee Sult, Binalyze
In this instance, the data appeared to be from historic testing done before November 2020. However, the trust said, the records themselves are fragmented, incomplete and dispersed throughout multiple files, so it is hard to interpret them accurately.
Lee Sult, chief investigator at threat intelligence platform Binalyze, said the most worrying aspect of the Synnovis incident was the length of time it has taken to establish the true nature and extent of the stolen data.
“If we’re still trying to determine the true scale two years later, it’s less an investigation than a slow-burn crisis. Every month that passes is time NHS numbers, names, dates of birth and test results sit in criminal hands – and nobody knows what’s being done with them,” he said.
“Perhaps the most dangerous aspect of these timelines is the signal they send. Slow detection, fragmented investigations and delayed disclosures advertise weakness. State-backed threat actors and organised cyber criminal groups act based on opportunity. Slow response in a data-rich industry is a clear signal that attacks can be carried out without consequence for years.”
Read more about the Synnovis incident
Synnovis, the pathology lab services provider hit by a Qilin ransomware attack in 2024, is notifying its NHS partners that their patient data was compromised, following a lengthy investigation.
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning.
The two NHS trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks.
Read more on Data breach incident management and recovery
