Ransomware attack contributed to patient’s death, says Britain’s NHS

Editor's note: This article was updated with comment from Synnovis at 11:40 a.m. EST.

A ransomware attack that disrupted blood testing across several hospitals in London last year contributed to a patient’s death, according to the National Health Service (NHS).

The attack by the Qilin cybercrime group against London-based pathology service Synnovis last June severely disrupted care at a large number of NHS hospitals and care providers in London.

As a result of the attack, hospitals were unable to perform blood tests at the normal speed. A spokesperson for King's College Hospital NHS Foundation Trust said that this delay was among “a number of contributing factors” that led to a patient’s death during the incident, as first reported by the Health Service Journal.

“One patient sadly died unexpectedly during the cyberattack. As is standard practice when this happens, we undertook a detailed review of their care,” said the spokesperson.

“The patient safety incident investigation identified a number of contributing factors that led to the patient’s death. This included a long wait for a blood test result due to the cyber-attack impacting pathology services at the time. We have met with the patient’s family, and shared the findings of the safety investigation with them.”

The spokesperson declined to provide further information on the additional factors for patient confidentiality reasons.

In a statement, Synnovis CEO Mark Dollar said: "We are deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing factors that led to this patient’s death. Our hearts go out to the family involved."

Recorded Future News revealed last month that two cyberattacks affecting the NHS in 2024 had been formally identified as putting patients at risk of clinical harm. These attacks are expected to be the attack on Synnovis and another affecting  Wirral University Teaching Hospital NHS Foundation Trust, causing delays to cancer treatments.

It is believed that the data of more than 900,000 individuals was impacted by the ransomware group’s extortion tactics, which involved publishing test results revealing the names of patients with symptoms of sexually transmitted infections and cancer.

An analysis of the data by data breach specialists CaseMatrix identified personal names, dates of birth, NHS numbers and in some cases personal contact details alongside the pathology and histology forms used to share patient details between medical departments and institutions. 

A year on from the breach, the affected patients still have not been informed about what data of theirs was exposed in the incident.

Last month, a spokesperson for Synnovis stated: “We understand and share the eagerness for this investigation to conclude. It is nearing completion, which is significant progress, and allows us to now finalise the processes and mechanisms required to update any affected organisations and individuals as appropriate.”

The impact of the cyberattack severely reduced blood stocks across England as medical professionals were forced to use universal donor types because of limitations on blood matching, leaving several hospitals on the brink of limiting transfusions to only the most critical patients. Earlier this month, the NHS issued another call for more donations as stocks remain low.