close
close

Cyberattack on London hospitals declared a critical incident

Image description, Facilities affected include St. Thomas’, including the Royal Brompton and Evelina London Children’s Hospital.

Major hospitals in London have declared a critical incident after a cyberattack forced operations to be cancelled and emergency patients to be diverted elsewhere.

It applies to hospitals that work with Synnovis, a provider of pathology services.

Hospitals affected include King’s College Hospital, Guy’s and St Thomas’ – including the Royal Brompton and Evelina London Children’s Hospital – as well as primary health services.

The incident had a “significant impact” on the provision of services, particularly blood transfusions and test results.

Some procedures have been cancelled or transferred to other NHS providers as hospitals try to work out what work can be done safely.

The NHS said emergency care remained available.

The services of general practitioners in the boroughs of Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth were also affected.

A Synnovis spokesman said the company had dispatched a “task force of IT experts” to “comprehensively assess” the impact.

The NHS apologised for the inconvenience and said it was working with the National Cyber ​​Security Centre to understand the impact.

“Go home and wait”

One patient, Oliver Dowson, 70, was being prepared for surgery at the Royal Brompton from 6am. At around 12.30pm, a surgeon told him the operation could not go ahead.

“Staff on the ward didn’t seem to know what had happened, only that many patients had been told to go home and wait for a new appointment,” he said.

“I got an appointment for next Tuesday and I’m keeping my fingers crossed.

“It’s not the first time they’ve cancelled, but it was probably due to staff shortages during the half-term week.”

Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health centre was cancelled on Monday evening.

“My husband received a text message last night informing him that his appointment this morning had been cancelled due to reasons beyond the clinic’s control and that all major hospitals in south London are unable to accept appointments indefinitely.

“He went to the Swift website and made a new appointment – the earliest available was June 17, but that’s probably questionable.”

“I am incredibly sorry”

A spokesperson for NHS England in the London region confirmed that Synnovis had fallen victim to a ransomware cyberattack.

“Emergency care remains available, so patients should use services in the normal way and continue to attend appointments unless told otherwise,” they said.

“We will continue to provide updates on the impact on services and how patients can continue to receive the care they need.”

A Synnovis spokesperson said: “We apologise immensely for the inconvenience and upset this has caused to patients, service users and everyone else affected.”

“We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people updated on developments.”

“Hard memory”

The spokesman added that they had “invested heavily” to “ensure that our IT arrangements are as secure as possible.”

“This is a harsh reminder that this type of attack can happen to anyone at any time and that the people behind it – disturbingly – have no scruples about who their actions might affect.

“The incident will be reported to law enforcement and the Information Commissioner and we are working with the National Cyber ​​Security Centre and the Cyber ​​Operations Team.”

The incident is believed to have occurred on Monday and resulted in some departments being unable to connect to a main server.

The Health Service Journal (HSJ) reported that a senior source said access to pathology results could take “weeks, not days”.

There are indications that urgent and emergency care in hospitals will be affected as they may not be able to access blood test results quickly, it said.

Get in touch

Do the issues raised in this story apply to you?