Patient data reportedly published online following cyber attack in London, with significant disruption expected

A cyber criminal group claims to have published data stolen as part of the attack earlier this month on Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, with NHS England stating that it hasn’t “yet been able to verify what has been stolen or the claims made by the cyber criminals” and noting that “full technical restoration will take some time”.

The National Crime Agency and National Cyber Security Centre are reportedly working to verify the data included in the published files, a process which NHSE refers to as “highly complex” and potentially taking “weeks if not longer” to complete. NHSE has stated that plans are in place to begin restoring “some functionality” to the affected IT system in the coming weeks.

The ransomware attack targeted pathology laboratory Synnovis, with services at Guy’s and St Thomas’ and King’s College Hospital affected along with a range of primary care services in south east London.

Due to the attack, the NHS is unable to use some of the systems required to run blood tests in this area, which has resulted in postponement of appointments and operations affected by the attack. Additionally, some of the unprocessed samples that were stored in the Synnovis labs are said to be no longer suitable for analysis and re-testing will be required as a result, with Synnovis working alongside NHS trusts and GP practices to determine who will be affected by this. It is expected that the disruption caused by the attack will be significant and “felt over coming months”.

However, NHSE notes that Synnovis “still have a copy of the data encrypted in the incident, and so historic test results will be available to clinicians once the IT systems are restored.”

Urgent and emergency care services remain open as usual in the region, though NHSE acknowledges that there may be delays if blood tests are required. Services such as outpatients and community services are said to be “mostly running as usual”, with patients encouraged to attend appointments as usual unless they have heard from their provider.

Along with providing advice for patients around cyber safety, NHSE clarifies: “There is no suggestion the criminals have gained access to the NHS email system. However, we would remind you that you will not receive unexpected contact from the NHS asking for personal or financial information.”

A helpline has been established to answer questions about the cyber attack, with updates to be published on the NHS Digital website.

Last week, HTN highlighted an update from NHS Dumfries & Galloway’s chief executive on a cyber attack which led to stolen files being published on the internet.