Synnovis NHS: Ransomware Cancels 10,000 NHS Appointments Including Blood Transfusions
A Qilin ransomware attack on Synnovis — the pathology services provider for NHS London — forced major London hospitals to cancel over 10,000 appointments and 1,500 operations, critically impacting blood transfusion services.
Attack Chain
1. Synnovis NHS blood service attacked
2. Ransomware encrypts lab systems
3. Blood test results unavailable
4. 10,000+ appointments cancelled
5. Qilin group demands $50M
Background
Synnovis provides pathology services (blood tests, transfusions, diagnostic tests) to major London NHS trusts including King's College Hospital and Guy's and St Thomas' NHS Foundation Trust. Ransomware disrupting a pathology provider directly impacts clinical care — doctors cannot operate without blood test results.
The Attack
Qilin ransomware encrypted Synnovis's IT systems on June 3, 2024. The immediate impact was catastrophic: hospitals could not access blood test results, process cross-matching for blood transfusions, or receive diagnostic outputs. Elective and emergency operations requiring blood products were cancelled. Hospitals declared critical incidents. The NHS had to request emergency O-type universal donor blood, causing a national shortage. Approximately 400 GB of patient data was later published by Qilin when ransom negotiations failed.
Response
NHS England declared a national incident. NHS Blood and Transplant issued urgent appeals for O-type blood donations. Synnovis worked with NHS trusts to implement manual workarounds. Recovery took weeks. Qilin published patient data in June 2024, including names, dates of birth, and blood test results. The National Cyber Security Centre (NCSC) investigated.
Outcome
Over 10,000 outpatient appointments and 1,500 operations were postponed in the first weeks. The publication of patient blood test data was a particularly egregious privacy violation. The incident prompted a UK government review of cyber resilience across NHS supply chain providers.
Key Takeaways
- Pathology and blood services are life-critical — they require isolated backup systems and manual fallback procedures
- NHS supply chain providers with access to clinical data must meet NHS Digital security standards, not just general IT standards
- Blood supply chains must have contingency plans for extended pathology outages — donor appeals take days to take effect
- Ransomware groups increasingly publish exfiltrated medical data when ransom is refused — data protection must be assumed to have failed