Qilin ransomware attack disrupts London NHS Services; 6,000 appointments canceled

Over a month after a Qilin ransomware attack targeted the pathology lab partner Synnovis, two central London NHS Trusts—Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust—are still grappling with significant disruptions, leading to the cancellation of over a thousand appointments and hundreds of medical procedures weekly.

 

During the week ending July 7, 2024, NHS England London reported 1,286 acute outpatient appointments and 100 elective procedures were postponed. The attack has postponed 6,199 acute outpatient appointments and 1,491 elective procedures in the past five weeks.

 

Chris Streather, NHS London medical director, noted improvements, stating, “We are starting to see a reduction in the number of acute outpatient appointments and elective procedures being postponed, with 136 elective procedures postponed last week compared to 814 in the first week of the cyber attack.” Despite this progress, Streather acknowledged the ongoing significant impact on patients and emphasized continued efforts to minimize disruption and restore services.

 

The attack has severely impacted southeast London pathology services, which operate at 54% capacity, with blood tests most affected. GP referrals for services and testing are significantly disrupted. NHS England London is prioritizing the most critical referrals for blood sciences, while histology services, including tests for infections and cancer, are nearly normal.

 

NHS England London has reiterated calls for O-positive and O-negative blood donors to bolster supplies. Five elective procedures for cancer treatments were postponed, down from 13 the previous week, and 30 organ transplants were redirected, compared to 29 the week before.

 

Guy’s and St Thomas’, King’s College, and South London and Maudsley NHS Foundation Trusts remain in critical incident status, with Oxleas NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and some primary care services in southeast London significantly impacted. Urgent and emergency services continue to operate normally, with NHS England London advising the use of 999 for emergencies and 111 phone or online services, including the NHS App, for non-emergencies.

 

Synnovis, a joint venture between Guy’s and St Thomas’, King’s College, and Synlab, is undergoing a phased restoration of its IT systems, which were severely impacted by the ransomware attack. The attack led to a major data leak, which was confirmed to include personal data such as names, NHS numbers, and test codes. The full extent of the stolen data is still being analyzed.

 

Synnovis CEO Mark Dollar expressed regret over the incident, stating, “We are very aware of the impact and upset this incident is causing to patients, service users, and frontline NHS colleagues, and for that, I am truly sorry. While progress has been made, much is yet to be done in the forensic IT investigation and the technical recovery. We work quickly and will keep our service users, employees, and partners updated.”

 

Efforts to restore Synnovis’ systems include new middleware installations at Guy’s and, St Thomas’ and King’s College, mutual aid across six affected London boroughs, and support from Synlab’s global operations. Synnovis is collaborating with NHS England’s Cyber Operations Team and the National Cyber Security Centre on the ongoing investigation and recovery efforts.