Major cyberattack on NHS hospitals in London led to a critical incident and cancellation of operations

Sign up for our free email health check to receive exclusive health week analysis

Get our free health check by email

Two London hospital groups had to cancel all non-urgent operations and blood tests following a “major” cyberattack.

Pathology systems at Kings College Hospital Foundation Trust and Guy’s and St Thomas’ Hospitals Foundation Trust have been hit by a malware attack, according to emails shared by The Independent.

Synnovis is the provider of blood tests, smears, bowel examinations and other services to the hospitals serving NHS patients in six London boroughs.

The supplier covers Guy’s Hospital, which operates Evelina Children’s Hospital, Harefield Hospital, King’s College Hospital, Princess Royal University Hospital, Royal Brompton Hospital and St Thomas’ Hospital.

According to sources close to the hospitals, Synnovis warned on Monday that the company had fallen victim to a serious malware attack affecting tens of thousands of patients.

General practitioners have been instructed to cancel all non-urgent pathology appointments and hospital staff have been instructed to request emergency blood samples only from patients requiring a blood transfusion.

Several senior NHS sources have confirmed that the National Cyber ​​Security Centre is now involved, while NHS England has been forced to declare the second highest incident level.

In a message to staff on Monday, Guy’s and St Thomas’ said: “Synnovis, the pathology provider for King’s, Guy’s and St Thomas’, has informed us of a serious incident involving ICT systems.”

A critical incident was declared and staff were instructed to prioritize urgent requests and requests for emergency results.

A senior NHS source said The Independent, Transplants have been affected because patients’ blood tests cannot be checked, and London health leaders have warned that the incident could take “weeks or months” to resolve.

In a separate message, Synnovis stated that its IT systems had fallen victim to a “malware attack” affecting all services.

It said there would be delays in the transmission of results and GPs had been asked to cancel all non-urgent blood test appointments.

“Given the nature and scale of this attack, this is an evolving situation,” it said.

According to the emails, it is unclear how long the problem will persist.

The National Cyber ​​​​Security Centre and the National Crime Agency have been contacted for comment.