Cyber attack on pathology provider disrupts services at Guy’s and St Thomas’ and King’s College Hospital

Hospitals in London have declared a critical incident following a cyber attack (Monday 3 June) which has made a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS and primary care services in south east London.

The attack has targeted Synnovis, a provider of lab services, with some activity already cancelled or redirected to other providers.

NHS England has released a statement highlighting that urgent work is being prioritised with emergency care still available. Patients are encouraged to continue attending appointments unless they are told otherwise, with NHSE noting that further updates will be provided for local patients and the public regarding the impact on services.

Additionally, NHSE notes that “NHS providers have tried and tested business continuity plans for instances like this, which includes offering mutual aid.”

A spokesperson for NHS England London region comments: “We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.”

In March, we highlighted NHS Dumfries and Galloway’s experience of a “focused and ongoing cyber attack” which saw the organisation working with partner agencies to ensure the security of systems and to adapt to the disruption.

On an international scale, HTN also reported how UnitedHealth Group confirmed a threat actor gained access to its tech division Change Healthcare in February this year, which supports pharmacies and hospitals across the US.

In other news around cyber security, we explored NHSE’s guidance on network segmentation for healthcare staff members responsible for the architecture, design, implementation and maintenance of their network security, which shares oversight of how network segmentation can prevent or mitigate lateral movement across a network in the event of a cyber attack.