Over 6,000 operations and appointments delayed by London cyber attack

More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack, NHS England has confirmed.

In an update, published on 4 July 2024, NHSE said that 4,913 acute outpatient appointments and 1,391 elective procedures have been postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust since the incident on 3 June.

Data for the fourth week of reporting (24-30 June) shows that across the two most affected trusts, 1,517 acute outpatient appointments and 136 elective procedures had to be postponed because of the ransomware attack against pathology provider Synnovis.

Dr Chris Streather, medical director for NHS London, said: “Although we are seeing significant progress, with most services operating near to normal, we continue to work tirelessly in partnership with our colleagues across London to ensure all services are back to being fully operational as quickly as possible”.

He added that the affected hospitals had “to deal with the added pressure of industrial action which put further demands on staff”.

The British Medical Association said that agreements had been made with NHSE to allow a limited number of junior doctors to work at sites most affected by the cyber attack, during the strikes which took place between 27 June and 2 July.

However, a spokesperson for the Department of Health and Social Care told Digital Health News that it was “unfortunately not possible” to immediately reschedule all of the surgical lists that had been stood down due to the planned strike.

Pathology services in south east London have increased to approximately 54% of normal capacity – compared to 45% on the week of 17-23 June.

A statement from Synnovis, published on 1 July, said: “Almost all Synnovis IT systems were affected by this criminal attack, impacting everything from our analysers’ ability to identify and process incoming samples, through to the actual transmission of test results.

“Many of these processes have had to revert to paper and manual, rather than electronic, protocols which has significantly affected capacity and delivery timeframes”.

It added the phased approach to restoring technical infrastructure included “the delivery of new middleware (software that simplifies the reporting and transmission of results from our laboratory information management systems) at both Guy’s and St Thomas’ and King’s College Hospitals which has increased our processing capacity at each”.

An initial analysis of data published on the web by cyber criminals found that the information may contain personal data such as names, NHS numbers and test codes, Synnovis said.

Investigations into the attack are continuing, with a Synnovis IT taskforce and cyber specialists commissioned by the NHS working closely with the National Cyber Security Centre and NHSE’s cyber operations team.