close
close

Data on NHS cyberattack that led to business shutdowns ‘published online by criminal group’

According to NHS England, confidential data from a ransomware attack on an NHS provider was allegedly published online by a group of cybercriminals.

Synnovis, which provides pathology services for blood tests primarily in southeast London, was the victim of a cyberattack on June 3, believed to have been carried out by the Russian group Qilin.

Even two weeks after the incident, hundreds of operations and appointments are still being cancelled.

According to the BBC, the cybercriminal group shared nearly 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on its darknet site and Telegram channel. It is not known whether the data also includes test results.

An NHS blood testing provider is the victim of a cyberattack (Simon Dawson/PA)
An NHS blood testing provider is the victim of a cyberattack (Simon Dawson/PA) (PA Archive)

According to the BBC, spreadsheets showing financial agreements between hospitals, GP services and Synnovis were also published.

More than 1,130 planned operations and 2,190 outpatient appointments were postponed in London hospitals. King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust were hit hardest.

The Independent It had previously been announced that thousands of blood samples would be destroyed as a result of the cyberattack, meaning that GP practices in London could only carry out 400 out of 10,000 tests per day.

NHS England has pledged to publish weekly data on the impact of the cyberattack after admitting it will take months for hospitals to fully recover from the aftermath.

Among those whose operations were cancelled is Russell Ashley-Smith, 81, who said The Independent that he fears for his health after a life-saving procedure was postponed.

He is due to undergo complex open-heart surgery at King’s College Hospital in Denmark Hill, without which he may have up to two years to live.

Guy's and St Thomas' Hospital is among those affected by the cyberattack (Georgie Gillard/PA)
Guy’s and St Thomas’ Hospital is among those affected by the cyberattack (Georgie Gillard/PA) (PA Archive)

In a statement on Friday morning, NHS England said: “NHS England has been informed that last night cybercriminals released data they claim belongs to Synnovis and was stolen as part of this attack.”

“We understand that this is concerning to people and we continue to work with Synnovis, the National Cyber ​​Security Centre and other partners to determine the contents of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system and, if so, whether it relates to NHS patients.

“As more information becomes available during the full investigation into Synnovis, the NHS will continue to keep patients and the public updated.”

Synnovis said in a statement on Friday: “We know how worrying this development can be for many people. We take it very seriously and an analysis of this data is already underway.”

Between 10 and 16 June, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

The number of postponed planned operations was 494 lower than in the first week after the attack, but the number of missed outpatient appointments increased by 394.