London Hospitals Disrupted by Ransomware Attack on Blood Test Provider
Seven major London hospitals, including Guy’s, St Thomas’, King’s College, and the Evelina children’s hospital, declared a “critical incident” after a ransomware attack crippled their pathology services. The attack, which began on Monday, targeted Synnovis, a private firm that processes blood tests for NHS trusts under a £1.1bn contract.
The incident forced cancellations of elective surgeries, blood transfusions, and planned caesarean sections, with some procedures redirected to other hospitals under mutual aid protocols. While emergency care and outpatient services remained operational, staff reported severe disruptions, including a shift to paper-based communication after Synnovis’s IT systems were locked.
Synnovis confirmed the attack had affected all its servers, though its labs remained partially functional. The company has engaged cybersecurity experts, including the National Cyber Security Centre (NCSC), and reported the breach to the Information Commissioner’s Office (ICO). The attackers identity unknown deployed ransomware to extort payment, a tactic increasingly paired with data theft and threats of publication if demands aren’t met.
This is the third ransomware attack on Synnovis’s parent company, Synlab, in the past year. In June 2023, the Clop gang breached its French subsidiary, while April 2024 saw Black Basta steal and leak 1.5TB of data from its Italian operations. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services. The full recovery timeline remains unclear.
Source: https://www.theguardian.com/society/article/2024/jun/04/cyber-attack-london-hospitals
Evelina London Children’s Hospital TPRM report: https://www.rankiteo.com/company/guys-and-st-thomas-nhs-foundation-trust
Synnovis TPRM report: https://www.rankiteo.com/company/synnovis
Guy’s and St Thomas’ NHS Foundation Trust TPRM report: https://www.rankiteo.com/company/guys-and-st-thomas-nhs-foundation-trust
"id": "synguy1774334258",
"linkid": "synnovis, guys-and-st-thomas-nhs-foundation-trust",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': 'Seven major London hospitals '
'including Guy’s, St Thomas’, '
'King’s College, and Evelina '
'children’s hospital',
'industry': 'Healthcare (Pathology Services)',
'location': 'United Kingdom',
'name': 'Synnovis',
'type': 'Private firm'},
{'industry': 'Healthcare',
'location': 'London, United Kingdom',
'name': 'Guy’s Hospital',
'type': 'Hospital'},
{'industry': 'Healthcare',
'location': 'London, United Kingdom',
'name': 'St Thomas’ Hospital',
'type': 'Hospital'},
{'industry': 'Healthcare',
'location': 'London, United Kingdom',
'name': 'King’s College Hospital',
'type': 'Hospital'},
{'industry': 'Healthcare',
'location': 'London, United Kingdom',
'name': 'Evelina London Children’s Hospital',
'type': 'Hospital'}],
'data_breach': {'data_encryption': 'Yes (ransomware)',
'data_exfiltration': 'Possible (common in ransomware '
'attacks)'},
'date_detected': '2024-06-03',
'description': "Seven major London hospitals declared a 'critical incident' "
'after a ransomware attack crippled their pathology services '
'provided by Synnovis, a private firm processing blood tests '
'for NHS trusts. The attack forced cancellations of elective '
'surgeries, blood transfusions, and planned caesarean '
'sections, with disruptions to IT systems and a shift to '
'paper-based communication.',
'impact': {'brand_reputation_impact': 'High',
'operational_impact': 'Cancellations of elective surgeries, blood '
'transfusions, and planned caesarean '
'sections; shift to paper-based '
'communication',
'systems_affected': 'All Synnovis servers, pathology IT systems'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Healthcare remains a prime target for cybercriminals due '
'to underinvestment in IT security and the urgency of '
'restoring critical services.',
'motivation': 'Extortion',
'post_incident_analysis': {'root_causes': 'Underinvestment in IT security, '
'healthcare as a high-value target'},
'ransomware': {'data_encryption': 'Yes', 'data_exfiltration': 'Possible'},
'references': [{'source': 'News Article'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to '
'Information '
'Commissioner’s Office '
'(ICO)'},
'response': {'third_party_assistance': 'National Cyber Security Centre '
'(NCSC), cybersecurity experts'},
'title': 'London Hospitals Disrupted by Ransomware Attack on Blood Test '
'Provider',
'type': 'Ransomware'}