A ransomware attack that struck Synnovis in June 2024 continues to disrupt healthcare services across South East London more than 18 months later, with at least one NHS trust still operating without fully restored systems and facing significant backlogs in patient test results. The prolonged impact highlights ongoing vulnerabilities in healthcare infrastructure and raises concerns over patient safety and operational resilience.
The cyberattack, attributed to the Qilin ransomware group, severely affected blood testing services across the region, forcing hospitals to cancel operations, delay treatments, and manage strained blood supplies. Officials at the time described the situation as “very fragile,” with warnings that only the most critical transfusions could be prioritized.
Beyond operational disruption, the attack also involved the theft and publication of sensitive patient data. Reports indicate that information belonging to nearly one million NHS patients may have been exposed, including individuals with serious conditions such as cancer and sexually transmitted infections. Many affected patients were not notified until late 2025, further intensifying scrutiny around incident response and communication practices.
Despite NHS England stating that services had been restored by the end of 2024, internal documents and freedom of information responses reveal that recovery remains incomplete in some areas. At South London and Maudsley NHS Foundation Trust (SLaM), pathology systems are still not fully operational, with staff continuing to rely on manual processes, including paper-based reporting and delayed data entry.
The trust reported that as of early January 2026, approximately 161,560 pathology reports had yet to be entered into patient records. Clinicians have been advised not to depend on timely test results, with critical findings communicated via phone and full reports delivered manually as PDFs or paper documents before being uploaded into systems.
Professor Derek Tracy, Chief Medical Officer at SLaM, acknowledged the challenges caused by the disruption, stating that while the situation has placed strain on staff and services, teams have worked extensively to mitigate risks and maintain continuity of care.
However, these temporary measures have introduced new risks, including delays, transcription errors, and the potential for patient misidentification. The trust recorded 122 patient safety incidents linked to incorrect, delayed, or unavailable pathology results as of January 2026.
The broader impact of the attack has varied across NHS organizations. Lewisham and Greenwich NHS Trust reported more than 11,000 canceled appointments, while Guy’s and St Thomas’ NHS Foundation Trust reported no recorded harm, reflecting inconsistencies in how disruptions have been measured and managed.
At King’s College Hospital NHS Foundation Trust, the most serious reported outcome included a patient death in which the cyberattack was identified as a contributing factor. While officials noted that it was not possible to determine direct causation, delays in receiving critical blood test results were among the contributing elements in what was described as a complex clinical case.
NHS South East London stated that most affected organizations are no longer experiencing active disruption and that IT infrastructure has largely been rebuilt. However, it acknowledged that analysis of the incident is still ongoing and did not provide detailed assessments of long-term impact.
The Information Commissioner’s Office (ICO) confirmed that its investigation into the Synnovis breach remains ongoing but declined to comment further on the case.
The incident underscores the growing threat posed by ransomware attacks on healthcare systems, particularly those dependent on interconnected digital infrastructure and third-party providers. As recovery efforts continue, the Synnovis attack serves as a stark reminder of the cascading consequences cyber incidents can have on patient care, operational continuity, and data security within critical healthcare environments.
Recommended Cyber Technology News :
- Ransomware Breach at Cookeville Hospital Affects 338K
- Black Shrantac Targets Industrial Systems with Stealth Ransomware
- JanaWare Ransomware Targets Turkish Citizens
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
