Patient data published online following south east London cyber attack

  • 21 June 2024
Patient data published online following south east London cyber attack

Cyber criminals have published patient data online which they claim was stolen as part of an attack on Synnovis, NHS England has confirmed. 

The ransomware attack by Russian cyber criminal group Qilin, which took place on 3 June 2024, has caused widespread disruption to pathology services across south east London.

In a statement, NHSE said: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients”.

They added that the NHS will continue to update patients and the public as more information becomes available through Synnovis’ full investigation.

A spokesperson for Synnovis told Digital Health News that an analysis of the data published online was underway.

“This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains,” they said.

The attack has affected pathology services at King’s College Hospital NHS Foundation Trust, Guy’s and St Thomas’ NHS FT , South London and Maudsley NHS FT, Oxleas NHS FT, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in south east London.

More than 800 planned operations and 700 outpatient appointments were rescheduled just in the first week following the cyber attack and the disruption is expected to continue for some time.

Eleanor Fairford, deputy director for incident management at National Cyber Security Centre, said: “The reports of sensitive data being published online by cyber criminals are very concerning and we are working with Synnovis and partners in the NHS and law enforcement to fully investigate.

“While investigations to determine whether sensitive data have been leaked are ongoing, we advise people to remain alert to suspicious messages or calls from would-be fraudsters who might try to exploit the situation”.

Meanwhile, NHS Dumfries and Galloway sent a leaflet on 17 June warning almost 150,000 patients to assume that their personal data is likely to have been stolen and published online following a major cyber attack in March 2024.

A ransomware group targeted the health board and when its demands were not met, it published around three terabytes of stolen patient data on the dark web.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Our latest Coffee Time Briefing includes updates on the Synnovis strike action and insights from the National Data Guardian 2023-2024 report.
NHS England launches digital clinical safety standards review

NHS England launches digital clinical safety standards review

NHS England has launched a review of digital clinical safety standards, requesting input from NHS stakeholders and IT manufacturers.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's Coffee Briefing covers new AI software that can determine time of stroke with remarkable accuracy, amongst other industry news.