A affected person’s demise has been formally related to a cyber assault carried out by the Qilin ransomware group that crippled pathology providers at a number of main NHS hospitals in London final yr. The cyber assault on Synnovis, a key pathology supplier, prompted widespread disruption to important diagnostic providers, delaying crucial blood check outcomes and impacting affected person care considerably.
King’s School Hospital NHS Basis Belief confirmed {that a} affected person unexpectedly died through the cyber-incident. A spokesperson for the belief revealed {that a} detailed evaluate of the affected person’s care discovered a number of contributing elements, together with “a protracted anticipate a blood check consequence as a result of cyber assault impacting pathology providers on the time.”
The findings of this security investigation have been shared with the affected person’s household. Synnovis CEO, Mark Greenback, expressed deep disappointment, stating, “Our hearts exit to the household concerned.”
Widespread Chaos and Knowledge Theft
Hackread.com reported on this incident on June 4, 2024, highlighting the chaos throughout London’s healthcare system. The assault occurred on June 3, 2024, concentrating on Synnovis, which gives diagnostics, testing, and digital pathology in southeast London. This incident introduced blood testing throughout a number of NHS trusts, together with King’s School, Man’s and St Thomas’, and Lewisham and Greenwich hospitals, together with GP practices, to a halt.
The disruption was in depth, affecting greater than 10,000 outpatient appointments and resulting in the postponement of 1,710 operations at King’s School and Man’s and St Thomas’ NHS Basis Trusts.
Moreover, as per Sky Information, 1,100 most cancers remedies have been delayed. Healthcare suppliers confronted challenges with blood transfusions and matching, forcing them to make use of common O-type blood, which contributed to a nationwide scarcity of O-type provides, as defined by NHS England.
Practically 600 affected person security incidents have been linked to the assault, with two instances categorised as extreme, indicating everlasting injury or life-threatening delays, based on revised figures from 2025. Synnovis additionally reported having to discard 20,000 degraded blood samples from 13,500 sufferers as a result of lack of ability to check them.
The Russian cybercriminal group Qilin is believed to be accountable. The group additionally allegedly printed nearly 400GB of stolen delicate knowledge on-line, together with affected person names, dates of delivery, NHS numbers, blood check descriptions, and monetary preparations between hospitals and Synnovis, on its darknet website and Telegram channel.
A Precedent for Deadly Cyberattacks
This tragic demise attracts parallels with the same incident in Germany on September 18, 2020, as reported by Hackread.com. In that case, a ransomware assault on College Hospital Düsseldorf (UKD) prompted IT techniques to fail. An emergency affected person needing pressing therapy needed to be rerouted to a different hospital 32 kilometers away, resulting in her demise.
Investigators later discovered the attackers had mistakenly focused the college, not the hospital and offered a decryption key when knowledgeable of their error. The vulnerability exploited in that assault, Citrix ADC CVE-2019-19781, had a patch obtainable a month prior, emphasizing the crucial want for well timed cybersecurity updates in healthcare as these tragic incidents spotlight the extreme human value of cyberattacks on medical services.
