A patient’s death has been linked to the devastating NHS cyber-attack that struck several major hospitals across London last year, severely disrupting pathology services.
The ransomware attack, attributed to Russian cyber-criminal group Qilin, targeted Synnovis – a key pathology provider serving NHS trusts in south-east London.
The breach, which occurred on 3 June 2024, led to over 1,000 cancer treatment delays, 2,000 outpatient appointments being cancelled, and more than 1,000 surgeries being postponed.
King’s College Hospital NHS Foundation Trust confirmed on Wednesday that a patient “sadly died unexpectedly” during the cyber incident.
The Trust said the delay in receiving critical blood test results, caused by the cyber-attack, was a significant contributing factor in the tragedy.
“As is standard practice, we carried out a comprehensive patient safety review,” the Trust said in a statement. “The investigation found several contributing factors to the patient’s death, including a prolonged wait for blood test results due to the pathology system being offline.”
The Trust added that it had met with the patient’s family and shared the findings of the review.
Hospitals affected included Guy’s and St Thomas’, King’s College Hospital, and Lewisham and Greenwich, as well as primary care services across six London boroughs and two mental health trusts.
The disruption to pathology services meant blood transfusions and matching were halted, forcing hospitals to use universal O-type blood, which NHS England said triggered a nationwide shortage.
In a further blow, Synnovis revealed that 20,000 blood samples from 13,500 patients had to be discarded after degradation due to testing delays. All affected patients were required to reschedule their tests.
The cyber attackers also reportedly leaked nearly 400GB of sensitive NHS data online, including patient names, dates of birth, NHS numbers, and specific blood test records.
The BBC reported that financial spreadsheets detailing NHS hospital and GP arrangements with Synnovis were also shared on the dark web and Telegram.
The attack has raised serious concerns about the vulnerability of NHS digital infrastructure and the impact such cyber threats pose to patient safety and clinical services.
