Patient data published online following south east London cyber attack

Cyber Security, News

  • 21 June 2024
Patient data published online following south east London cyber attack
Tammy Lovell
May 8, 2024

Cyber criminals have published patient data online which they claim was stolen as part of an attack on Synnovis, NHS England has confirmed. 

The ransomware attack by Russian cyber criminal group Qilin, which took place on 3 June 2024, has caused widespread disruption to pathology services across south east London.

In a statement, NHSE said: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients”.

They added that the NHS will continue to update patients and the public as more information becomes available through Synnovis’ full investigation.

A spokesperson for Synnovis told Digital Health News that an analysis of the data published online was underway.

“This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains,” they said.

The attack has affected pathology services at King’s College Hospital NHS Foundation Trust, Guy’s and St Thomas’ NHS FT , South London and Maudsley NHS FT, Oxleas NHS FT, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in south east London.

More than 800 planned operations and 700 outpatient appointments were rescheduled just in the first week following the cyber attack and the disruption is expected to continue for some time.

Eleanor Fairford, deputy director for incident management at National Cyber Security Centre, said: “The reports of sensitive data being published online by cyber criminals are very concerning and we are working with Synnovis and partners in the NHS and law enforcement to fully investigate.

“While investigations to determine whether sensitive data have been leaked are ongoing, we advise people to remain alert to suspicious messages or calls from would-be fraudsters who might try to exploit the situation”.

Meanwhile, NHS Dumfries and Galloway sent a leaflet on 17 June warning almost 150,000 patients to assume that their personal data is likely to have been stolen and published online following a major cyber attack in March 2024.

A ransomware group targeted the health board and when its demands were not met, it published around three terabytes of stolen patient data on the dark web.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

West Hertfordshire Teaching rolls out OptiRad radiology tech

Next News

Derby and Burton rolls out BadgerNet EPR for maternity services

Related News

Barts Health rolls out Cynerio cyber security platform
Cyber Security November 20, 2024

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.
Mike Fell: ‘The evidence is that cyber attacks against the NHS have plateaued’
Cyber Security November 19, 2024

Mike Fell: ‘The evidence is that cyber attacks against the NHS have plateaued’

Ahead of speaking at Rewired 2025, Mike Fell, executive director of national cyber security operations at NHSE, sat down with Digital Health.
NHSE announces digital eye screening plans for diabetes patients
News November 18, 2024

NHSE announces digital eye screening plans for diabetes patients

NHS England has announced plans to provide digital eye scans in the community for diabetes patients, helping to prevent sight loss.