Ransomware attack continues to disrupt healthcare in London nearly two years later

More than 18 months after a ransomware attack disrupted care at hospitals in South East London, internal documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results. The delays mean results may not be available when clinicians need them, increasing the risk they are missed or acted on late.

The June 2024 attack on Synnovis impaired blood testing across South East London, forcing hospitals to cancel operations and delay treatment. It also affected blood supplies, leaving stocks in what officials described as a “very fragile position” and prompting warnings that only the most critical transfusions might be prioritized.

The attack by the Qilin ransomware group also involved the theft and publication of sensitive patient data. Reporting indicated that information relating to nearly one million NHS patients may have been exposed, including individuals with conditions such as cancer and sexually transmitted infections. Many patients were not notified until late 2025.

The Information Commissioner’s Office declined to comment on the specifics of the Synnovis case and said its investigation into the incident is ongoing.

NHS England said 10,152 acute outpatient appointments and 1,710 elective procedures were postponed because of the attack, and that by the end of 2024 services had been restored. However, freedom of information responses from affected organizations indicate that at least one trust has not fully returned to normal. NHS England did not respond to a request for comment.

At South London and Maudsley NHS Foundation Trust (SLaM), pathology systems have not been restored as of publication, with the trust still operating in business continuity without electronic requesting or reporting and relying on paper processes and manual uploads.

The trust said staff had worked to maintain services using manual processes despite the disruption. It estimated the entering of 161,560 pathology reports into patient records had been delayed as of early January 2026.

Copies of emails said clinicians at SLaM were warned not to rely on the timely return of blood results. Critical results are being communicated by phone, while full reports are being delivered as paper or PDFs and manually uploaded into patient records.

The same documents state that, since the attack, no pathology reports for SLaM patients have been available in the London Care Record — a shared system used across NHS organizations in the capital — and that normal service had not resumed for the trust.

Professor Derek Tracy, the trust’s chief medical officer, said the disruption “has been a challenge for staff and services, but through the efforts in particular of our pathology team at SLaM, we have worked to mitigate risks as best we can.”

The trust said these workaround processes carried risks including delays, transcription errors and the potential for patient misidentification. Its data recorded 122 patient safety incidents of incorrect, unavailable or delayed pathology results as of January 2026.

Other trusts reported different measures of impact, from more than 11,000 canceled appointments at Lewisham and Greenwich NHS Trust to no recorded harm at Guy's and St Thomas' NHS Foundation Trust. The figures are not directly comparable, reflecting differences in how the incident was recorded.

NHS South East London, the integrated care board responsible for coordinating services across the region, said most organizations affected by the attack were no longer experiencing ongoing disruption and that impacted IT infrastructure had been rebuilt. It said analysis of the incident is ongoing, but did not set out the impact in detail.

The most serious reported outcome came at King's College Hospital NHS Foundation Trust, which recorded a patient death in which the cyberattack was considered a contributing factor, but said it was not possible to determine whether it directly affected the outcome.

Recorded Future News understands the death occurred in a complex clinical case. The trust said it was identified through an incident reporting field added after the cyberattack, and that a delay in receiving a blood test result was among the contributing factors.

Patient safety specialists say such classifications are typical in healthcare systems.

“Healthcare is a complex socio-technical system, with lots of human interactions alongside technology, and it’s very difficult to unpick how those combine to produce an outcome,” said Nick Woodier of the Health Services Safety Investigations Body (HSSIB), adding that safety science focuses on contribution rather than direct causation.

In its FOI response, SLaM said it had not been possible to quantify the impact of delays on diagnosis or treatment, despite recording incidents linked to missing or delayed results.

National data reflects that uncertainty. The Department of Health and Social Care recorded six cyber-related incidents across the NHS in 2024. Two were classified as posing “potential clinical harm,” defined as incidents where more than 50 patients were considered at risk. None were recorded as causing excess fatalities.

The HSSIB is currently investigating how healthcare organizations respond when electronic patient record systems lose functionality, including how prepared staff are to revert to manual processes and whether contingency plans are effective.

Research has also highlighted wider concerns about the resilience of NHS systems to disruption. A recent study by King's College London found that cyber incidents and other digital outages can have cascading effects on clinical care, particularly where services depend on integrated systems and real-time data access.

The paper described ransomware as the most significant current cyber threat to the NHS and warned that a single major technology failure could have serious consequences for patient safety. It cited the Synnovis incident as an example of the risks posed by supply-chain dependencies and uneven resilience across the health service.