Patient data published online following south east London cyber attack

Cyber Security, News

  • 21 June 2024
Patient data published online following south east London cyber attack
Tammy Lovell
May 8, 2024

Cyber criminals have published patient data online which they claim was stolen as part of an attack on Synnovis, NHS England has confirmed. 

The ransomware attack by Russian cyber criminal group Qilin, which took place on 3 June 2024, has caused widespread disruption to pathology services across south east London.

In a statement, NHSE said: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients”.

They added that the NHS will continue to update patients and the public as more information becomes available through Synnovis’ full investigation.

A spokesperson for Synnovis told Digital Health News that an analysis of the data published online was underway.

“This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains,” they said.

The attack has affected pathology services at King’s College Hospital NHS Foundation Trust, Guy’s and St Thomas’ NHS FT , South London and Maudsley NHS FT, Oxleas NHS FT, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in south east London.

More than 800 planned operations and 700 outpatient appointments were rescheduled just in the first week following the cyber attack and the disruption is expected to continue for some time.

Eleanor Fairford, deputy director for incident management at National Cyber Security Centre, said: “The reports of sensitive data being published online by cyber criminals are very concerning and we are working with Synnovis and partners in the NHS and law enforcement to fully investigate.

“While investigations to determine whether sensitive data have been leaked are ongoing, we advise people to remain alert to suspicious messages or calls from would-be fraudsters who might try to exploit the situation”.

Meanwhile, NHS Dumfries and Galloway sent a leaflet on 17 June warning almost 150,000 patients to assume that their personal data is likely to have been stolen and published online following a major cyber attack in March 2024.

A ransomware group targeted the health board and when its demands were not met, it published around three terabytes of stolen patient data on the dark web.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

West Hertfordshire Teaching rolls out OptiRad radiology tech

Next News

Derby and Burton rolls out BadgerNet EPR for maternity services

Related News

NHS North West London ICB cuts virtual ward capacity
News July 11, 2024

NHS North West London ICB cuts virtual ward capacity

The end of ring-fenced funding for virtual wards has contributed to the fall in bed virtual ward bed capacity at NHS North West London ICB.
Digital Health Coffee Time Briefing ☕
News July 11, 2024

Digital Health Coffee Time Briefing ☕

This edition of Coffee Time Briefing includes a call for chartered status for tech professionals and text message initiative for NHS Scotland.
Over 6,000 operations and appointments delayed by London cyber attack
Cyber Security July 8, 2024

Over 6,000 operations and appointments delayed by London cyber attack

More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack, NHS England has confirmed.