Cyberattack Information Centre
On Monday 3 June, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB - was the victim of a ransomware cyber attack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services. Read the full statement here.
For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com
- 13/09/2024 - Synnovis' update on cyber incident 13 September 2024
- 30/07/2024 - Synnovis' update on cyber incident 30 July 2024.
- 25/07/2024 - Synnovis' update on cyber incident 25 July 2024.
- 01/07/2024 - Synnovis' update on cyber incident 01 July 2024.
- 24/06/2024 - Synnovis' update on cyber incident 24 June 2024.
- 21/06/2024 - Synnovis' update on cyber incident 21 June 2024.
- 17/06/2024 - Synnovis' update on cyber incident 17 June 2024.
- 04/06/2024 - Synnovis' statement on the cyber attack.
Key Links
NHS England news page – For latest updates from NHS London.
South East London ICS - For updates to local patients and the public about the impact on services and how they can continue to get the care they need.
NHS England FAQs and helpline telephone number for patients and public.
Information for service users and patients
Previous updates
- 23 July 2024 - All Primary Care boroughs
- 10 July 2024 - Lewisham & Greenwich edition
- 03 July 2024 - Bexley & Bromley edition
- 03 July 2024 - Lewisham & Greenwich edition
- 03 July 2024 - Southwark & Lambeth edition
- 03 July 2024 - Bromley edition
- 28 June 2024 - Greenwich and Lewisham edition
- 24 June 2024 - Primary Care Update (all boroughs)
- 21 June 2024 - Primary Care Update (all boroughs)
- 20 June 2024 - Primary Care Cancelled Samples Update (all boroughs)
- 13 June 2024 - Primary Care Update (all boroughs)
- 10 June 2024 - Primary Care Latest Information Update (all boroughs)
- 10 June 2024 - Primary Care Update (all boroughs)
- 6 June 2024 - Bromley Edition
- 6 June 2024 - Southwark & Lambeth Edition
- 6 June 2024 - Bexley, Greenwich and Lewisham Edition
- 3 June 2024 - Primary care notification
For more information, please click here.
GSTT service users can find more information by searching 'Synnovis Cyber Attack' on GTi.
Royal Brompton and Harefield service users can find more information by searching 'Synnovis Cyber Attack' on the intranet.
Click here to access KCH service user information.
Previous updates:
05 August 2024 - Update on restoring pathology services (RBHH edition)
29 July 2024 - Update on restoring pathology services
17 July 2024 - Secondary care InSYNC update for pathology clinicians
05 July 2024 - Pathology Update (KCH Denmark Hill and PRUH Edition)
Specific service updates
Previous updates
- 16 August 2024 - Update on pathology services
- 08 August 2024 - Cyberattack: Pathology services update
- 01 August 2024 - Cyberattack: Pathology services update
- 25 July 2024 - Cyberattack: Latest on pathology services
- 12 July 2024 - Update following the cyberattack
- 02 July 2024 - Update on tests following cyberattack
- 24 June 2024 - Update following cyberattack
- 21 June 2024 - Update following cyberattack
- 14 June 2024 - Update on pathology services
- 13 June 2024 - Update on pathology services
- 6 June 2024 - Update following cyberattack
- 3 June 2024 - Major IT outage affecting all pathology services
Gradual increase in phlebotomy appointments
We are pleased to report that we have started to increase the number of phlebotomy appointments for patients registered with GPs based in Bexley, Lewisham and Greenwich. Please contact the SwiftQueue call centre on 0208 333 3217 to book an appointment. Please note that appointments are only available for patients who need results within five days, but availability will increase on a phased basis and we expect to be in a position to take non-urgent samples very soon. Thank you for your patience and understanding.
Cyberattack FAQs
On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyberattack, resulting in interruptions to many of our services. The criminals behind the attack published data files on June 20. We confirmed on 24 June 2024, through an initial analysis, that the data published was stolen from some of our systems.
All Synnovis IT systems were affected, resulting in interruptions to many of Synnovis’ pathology services. The immediate impact is on patients using NHS services within Guy’s and St Thomas’, and King’s College Hospital NHS Foundation Trusts and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.
Unfortunately, our capacity to process samples has been significantly reduced as a result of the incident and we have prioritised this capacity for urgent work.
We have delivered temporary workarounds including the redirection of non-urgent blood tests and result processing to other pathology labs to allow us to focus on urgent samples received from GPs, to ensure there is sufficient capacity for urgent testing and to respond to the highest priority cases at St Thomas’ Hospital and King’s College Hospital.
Changes to processing of testing and results are being communicated directly to GPs and other service users to ensure a smooth transition.
Our specialist referrals service users have been affected differently to the two Trust partners’ hospital and related GP activity due longer turnaround times and the fact they don’t require automated transfer of results. Updates have been provided to those service users to identify the tests we can’t currently process for them, and those tests that should only be sent to us if considered clinically urgent.
Recent progress includes the roll out of Mutual Aid across all six south east London boroughs, in conjunction with our NHS Trust Partners and the Integrated Care Board (ICB), which has increased the capacity available for the most critical and urgent blood tests from GPs. Capacity has also been delivered via the wider SYNLAB UK&I network, with more laboratories readying to take on capacity as of week commencing 1st July.
Our phased approach to restoring our technical infrastructure, prioritising by clinical criticality, continues while ensuring that restoration takes place in a safe and secure manner. While full restoration will take some time, we expect to restore some IT system functionality and reintroduce many clinical services in the coming weeks and are working closely with our NHS partners on this process. The delivery of new middleware (software that simplifies the reporting and transmission of results from our laboratory information management systems) at both Guy’s and St Thomas’ and King’s College Hospitals has increased our processing capacity at each. New ways of working and new middleware have also increased the volumes able to be processed at our Blackfriars hub laboratory, meaning the processing of some inpatient work from St Thomas’ Hospital and Kings College Hospitals has transferred into the hub as of last week.
Full technical restoration will take some time however, and the need to re-book tests and appointments will mean some disruption will continue to be felt over coming months.
Yes, a group claiming responsibility for the cyberattack published data online. We have now been able to confirm that this data was stolen from Synnovis’ systems.
At this stage, it is too soon to be able to confirm the exact nature of the information and the organisations and individuals this data relates to. Technical experts are leading a comprehensive analysis of the data in order to answer these questions. An initial analysis of the published stolen data found that :
- The format in which it has been published represents a partial copy of content from our administrative working drives. This drive held information which supported our corporate and business support activities.
- Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees.
- In some circumstances this information may contain personal data such as names, NHS numbers and test codes (identifying the requested test), although analysis is ongoing.
- The format and partial nature of what has been published makes it complex to interpret. As is typical in such incidents, it will take some time to conduct a comprehensive analysis in order to identify the full nature of the impacted data, organisations and individuals.
We are very much aware of and apologise for the uncertainty and concern this is causing. We are working with our technical experts as fast as we can to confirm more details, however investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before we are clear about which individuals have been impacted. We will keep our service users, employees and partners updated as the investigation progresses.
Unfortunately, this is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect. We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be, and will continue to do so. We continuously invest in the security of our IT systems and processes as well as the awareness of employees to protect its infrastructure and data.
We have taken several steps to further secure our infrastructure and implement operational mitigations for partners. These have included but are not limited to:
- Working with a taskforce of IT experts from Synnovis and the NHS, together with third-party advisers
- Standing up new data centre infrastructure
- Resetting all service platform passwords and expiring MFA tokens
The incident has been reported to law enforcement and the Information Commissioner. Our teams are working with leading cybersecurity experts, including the National Cyber Security Centre (NCSC) and the Cyber Operations Team, and we will continue to provide updates as further information is made available.
Last updated: 27/06/2024