NHS provider confirms publication of ‘patient-identifiable data’ following cyberattack


Synnovis reveals that, while it has not yet found evidence of leaked information from primary  clinical systems, it has discovered that ‘our administrative working drive has been posted’ in part

The NHS provider that suffered a serious cyberattack earlier this month has confirmed that some “patient-identifiable” data has been released by the perpetrators.

The ransomware assault on pathology specialist Synnovis – which is a joint venture between diagnostics firm Synlab and two London hospital trusts – has been attributed to Russian criminal group Qilin. The cyber gang last week claimed that it had published on the dark web about 400GB of sensitive data, comprising around 300 million individual pieces of information.

In an update released this week, Synnovis said that it has “now been able to confirm that this data was stolen from Synnovis’ systems”.

The pathology specialist said that it is “too soon to be able to confirm the exact nature of the information” accessed by attackers. But, the findings of a “limited and initial review” had uncovered that “our administrative working drive has been posted in partial and fragmented form, [and] this will contain some fragments of patient identifiable data”.

“Understanding this is our current priority,” the update added.

Synnovis, whose core NHS partners are Guy’s and St Thomas’ and King’s College hospital trusts, said that it has found “no evidence” so far of publication of information from its “main systems holding… patient test requests and results”.


Related content


It added: “The area where we store payroll information has not been published, but more needs to be done to review other data that has been published relating to our employees.”

The two trusts that have been primarily affected conduct a total of 3.6 million patient engagements each year – equating to 10,000 every day. In response to the confirmation that patient data has been leaked, NHS England issued a statement advising that: “we understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted”.

“As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates and a helpline [available on 0345 877 8967] has been set up to support people,” it added. “Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted. Local health systems will continue to work together to manage the impact on patients with additional resources put in to ensure urgent blood samples can still be processed, while laboratories are now able to see historic patient records. Patients should continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would.”

It was revealed last week that the fallout from the incident has caused more than 3,000 appointments and operations to be postponed – including 184 cancer treatments.

During the first week after the attack, pathology services across the south-east London region were operating at only 10% of their typical capacity. This figure rose somewhat in the second week, but remained at only 30%, according to NHS data. The difficulties caused by the incident have resulted in the NHS making an urgent plea for blood donations from those with type O blood – which can be safely used in all patients, minimising the need for pathology checks.

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *