London NHS cyberattack linked to patient death amid ongoing fallout from ransomware breach

A ransomware attack on London-based pathology provider Synnovis last year has been identified as a contributing factor in the unexpected death of a patient, the National Health Service (NHS) has confirmed. The attack, attributed to the Russian-speaking Qilin cybercrime group, caused widespread disruption to blood testing and diagnostic services across multiple hospitals in the capital.

The cyberattack, which occurred in June 2024, significantly hampered operations at several NHS trusts, delaying critical test results. A spokesperson for King’s College Hospital NHS Foundation Trust told the Health Service Journal that one patient died during the incident, and a detailed safety investigation found that the delay in receiving blood test results was among “a number of contributing factors.”

“The patient safety incident investigation identified a number of contributing factors that led to the patient’s death. This included a long wait for a blood test result due to the cyberattack impacting pathology services at the time,” the spokesperson said. The patient’s family has been informed of the findings, but further details remain confidential to protect their privacy.

In a public statement, Synnovis CEO Mark Dollar expressed condolences: “We are deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing factors that led to this patient’s death. Our hearts go out to the family involved.”

This incident is part of a growing list of cyberattacks affecting NHS operations in 2024 that have been formally recognized as posing risks to patient safety. In addition to the Synnovis breach, a separate attack targeting Wirral University Teaching Hospital NHS Foundation Trust reportedly delayed critical cancer treatments.

Beyond service disruption, the Synnovis ransomware attack led to the exposure of personal and medical data belonging to more than 900,000 individuals. The cybercriminals employed extortion tactics by leaking pathology results, including highly sensitive information such as diagnoses related to cancer and sexually transmitted infections. An analysis conducted by breach response firm CaseMatrix revealed that names, dates of birth, NHS numbers, and contact details were released, along with pathology and histology forms shared between healthcare institutions.

Despite the breach occurring over a year ago, affected individuals have yet to be formally notified of what specific data of theirs was compromised. Synnovis recently acknowledged the delays, stating that the internal investigation is nearing completion and that preparations are underway to notify impacted organizations and patients appropriately.

The fallout from the attack also disrupted national blood supplies. The inability to perform blood group matching due to diagnostic delays forced hospitals to rely heavily on universal donor types, leading to a critical drop in stock levels. Some facilities were reportedly close to limiting transfusions to emergency cases only. Earlier this month, the NHS issued another appeal for blood donations, as stock levels have yet to recover.