London hospitals cancel over 800 operations after ransomware attack

NHS England disclosed today that a recent ransomware attack on Synnovis has led to the cancellation of hundreds of operations and appointments in multiple London hospitals. The attack, attributed to the Qilin ransomware group, has significantly disrupted healthcare services across the region.

Synnovis, formerly known as Viapath, was established in 2009 as GSTS Pathology and rebranded in October 2022. It operates as a partnership between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and the King’s College Hospital NHS Foundation Trust. The ransomware attack on June 3 has locked Synnovis out of its systems, severely impacting its services.

The ongoing service disruptions have affected Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust, and primary care providers across South East London. The NHS reported that from June 3 to June 9, over 800 planned operations and 700 outpatient appointments had to be rearranged. Emergency services such as A&E, urgent care centers, and maternity departments continue to operate normally, but procedures reliant on pathology services have been postponed.

Synnovis is focused on the technical recovery of its systems, with plans to restore some functionality in the coming weeks. However, full restoration will take time, and disruptions are expected to continue for several months.

In addition to the operational disruptions, NHS Blood and Transplant (NHSBT) has issued a warning about blood shortages in London hospitals. They urgently need O-positive and O-negative blood donors to help replenish reserves critical for operations and procedures.

The Qilin ransomware operation, which rebranded from “Agenda” in August 2022, has been linked to numerous attacks, targeting over 130 companies. The group employs double-extortion tactics, stealing data before encrypting systems to pressure victims into meeting their demands. Ransom demands have ranged from $25,000 to millions of dollars for high-profile targets.

The dark web leak site used by Qilin went down shortly after the attack but has since resurfaced, though the group has not yet claimed responsibility for the Synnovis breach.