Synnovis

Synnovis, a pathology supplier for the NHS, suffered a **ransomware attack on 4 June 2024**, leading to the theft and online publication of **patient and staff data**—including **names, NHS numbers, test results, and administrative records**. The attack caused **widespread NHS service disruptions**, including **thousands of delayed appointments** at **King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust**, **blood testing delays in primary care**, and **a confirmed patient death**. The stolen data was **unstructured, fragmented, and incomplete**, complicating investigations. Over a year later (by **November 2025**), Synnovis began notifying affected NHS providers (hospitals, GP practices, clinics) to assess exposure risks. The breach exposed **sensitive health data**, threatening **patient confidentiality, trust in NHS services, and operational continuity**, while also triggering calls for a **public inquiry into NHS cybersecurity and patient safety** due to the attack’s severity and systemic impact.

Source: https://www.digitalhealth.net/2025/11/synnovis-completes-forensic-investigation-into-nhs-cyber-attack/

Viapath cybersecurity rating report: https://www.rankiteo.com/company/viapath-llp

"id": "via3232032111125",
"linkid": "viapath-llp",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': ['NHS hospitals',
                                               'GP practices',
                                               'clinics'],
                        'industry': 'healthcare',
                        'location': 'London, UK',
                        'name': 'Synnovis',
                        'type': 'pathology supplier'},
                       {'customers_affected': ['patients', 'staff'],
                        'industry': 'healthcare',
                        'location': 'London, UK',
                        'name': 'King’s College Hospital NHS Foundation Trust',
                        'type': 'hospital'},
                       {'customers_affected': ['patients', 'staff'],
                        'industry': 'healthcare',
                        'location': 'London, UK',
                        'name': 'Guy’s and St Thomas’ NHS Foundation Trust',
                        'type': 'hospital'},
                       {'customers_affected': ['patients nationwide '
                                               '(indirectly)'],
                        'industry': 'healthcare',
                        'location': 'UK',
                        'name': 'NHS England',
                        'type': 'government health service'}],
 'customer_advisories': ['potential individual notifications via letters or '
                         'website statements by NHS providers'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (health records, personally '
                                        'identifiable information)',
                 'type_of_data_compromised': ['personal data (names, NHS '
                                              'numbers)',
                                              'test results',
                                              'test codes',
                                              'administrative records']},
 'date_detected': '2024-06-04',
 'date_publicly_disclosed': '2024-06-20',
 'description': 'A ransomware attack on Synnovis, a pathology supplier for NHS '
                'providers, led to widespread disruption of NHS services in '
                'London, including delayed appointments and blood testing. '
                'Stolen data, including patient and staff personal '
                'information, was later published online by cybercriminals. '
                'The attack also resulted in at least one patient death. '
                'Synnovis completed its investigation over a year later, '
                'revealing the stolen data was unstructured, fragmented, and '
                'included names, NHS numbers, test results, and administrative '
                'records. Affected NHS organizations are now reviewing the '
                'data to assess impact and notify individuals as needed.',
 'impact': {'brand_reputation_impact': ['potential loss of trust in NHS '
                                        'cybersecurity',
                                        'calls for public inquiry'],
            'data_compromised': ['patient names',
                                 'NHS numbers',
                                 'test results',
                                 'test codes',
                                 'administrative records'],
            'downtime': ['widespread disruption to NHS services',
                         'delayed appointments at King’s College Hospital NHS '
                         'Foundation Trust',
                         'delayed appointments at Guy’s and St Thomas’ NHS '
                         'Foundation Trust',
                         'delays to blood testing in primary care'],
            'identity_theft_risk': ['high (due to exposure of NHS numbers and '
                                    'personal data)'],
            'operational_impact': ['disruption to pathology services',
                                   'patient death attributed to attack',
                                   'delayed medical procedures'],
            'systems_affected': ['Synnovis corporate systems',
                                 'administrative working drive']},
 'initial_access_broker': {'high_value_targets': ['patient health records',
                                                  'NHS administrative data']},
 'investigation_status': 'completed (as of November 2025)',
 'lessons_learned': ['challenges in investigating unstructured, fragmented '
                     'stolen data',
                     'need for improved cybersecurity in NHS supply chain',
                     'importance of coordinated response for large-scale '
                     'breaches'],
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['ongoing support for '
                                                   'affected entities',
                                                   'potential policy changes '
                                                   'pending public inquiry'],
                            'root_causes': ['unclear (investigation focused on '
                                            'data impact rather than attack '
                                            'vector)']},
 'ransomware': {'data_encryption': True, 'data_exfiltration': True},
 'recommendations': ['public inquiry into NHS cybersecurity',
                     'enhanced protection for third-party suppliers',
                     'proactive patient notification protocols'],
 'references': [{'date_accessed': '2025-11-10',
                 'source': 'Synnovis official statement (via NHS England)'},
                {'date_accessed': '2025-11',
                 'source': 'King’s College Hospital NHS Foundation Trust '
                           'statement'},
                {'date_accessed': '2025-10',
                 'source': 'Cybersecurity expert Saif Abed (AbedGraham '
                           'Group)'}],
 'regulatory_compliance': {'legal_actions': ['calls for public inquiry by '
                                             'cybersecurity experts'],
                           'regulatory_notifications': ['NHS England oversight',
                                                        'affected '
                                                        'organizations '
                                                        'reviewing data for '
                                                        'compliance actions']},
 'response': {'communication_strategy': ['direct notifications to NHS '
                                         'organizations',
                                         'public statements',
                                         'patient notifications via '
                                         'letters/website'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['dedicated support for affected NHS '
                                    'providers',
                                    'website with updates for stakeholders'],
              'remediation_measures': ['investigation into stolen data',
                                       'notification of affected '
                                       'organizations'],
              'third_party_assistance': ['cybersecurity experts']},
 'stakeholder_advisories': ['dedicated Synnovis website for updates',
                            'direct support to affected NHS organizations'],
 'title': 'Synnovis Ransomware Attack and Data Breach (2024)',
 'type': ['ransomware', 'data breach']}