Update on Cyber Incident: 01 July 2024

Monday, 1 July, 2024

On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyberattack, resulting in a major IT incident and a significant reduction in capacity to process samples.

Technical recovery

Almost all Synnovis IT systems were affected by this criminal attack, impacting everything from our analysers’ ability to identify and process incoming samples, through to the actual transmission of test results. Many of these processes have had to revert to paper and manual, rather than electronic, protocols which has significantly affected capacity and delivery timeframes.

Our phased approach to restoring our technical infrastructure, prioritising by clinical criticality, continues. To date, this has included the delivery of new middleware (software that simplifies the reporting and transmission of results from our laboratory information management systems) at both Guy’s and St Thomas’ and King’s College Hospitals which has increased our processing capacity at each. New ways of working and new middleware have also increased the volumes able to be processed at our Blackfriars hub laboratory, meaning the processing of some inpatient work from St Thomas’ Hospital and Kings College Hospitals will transfer into the hub from this week.

Full restoration of systems will take some time however, and we are working closely with our NHS partners and suppliers to deliver each phase in a safe and secure manner.

Operational updates

Recent progress includes the roll out of Mutual Aid across all six south east London boroughs, in conjunction with our NHS Trust Partners and the Integrated Care Board (ICB), which has increased the capacity available for the most critical and urgent blood tests from GPs. Capacity has also been delivered via the wider SYNLAB UK&I network, with more laboratories readying to take on capacity from this week.

Every available resource is focused on delivering the interim solutions required to contain impact while continuing to deliver clinically safe services and rebuilding service capacity. This has included SYNLAB diverting clinical and IT colleagues from across its wider UK laboratory network, well as from 12 other countries within their global operations. NHS colleagues are also providing hands on support.

Investigation progress

On 20 June, a cyber criminal group claiming responsibility for the attack published data online that analysis has since confirmed as data stolen from our systems. An initial analysis of the published stolen data found that:

- The format in which it has been published represents a partial copy of content from Synnovis’ administrative working drives. This drive held information which supported our corporate and business support activities.

- In some circumstances this information may contain personal data such as names, NHS numbers and test codes (identifying the requested test), although analysis is ongoing.

- Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees.

- The format and partial nature of what has been published makes it complex to interpret. As is typical in such incidents, it will take some time to conduct a comprehensive analysis in order to identify the full nature of the impacted data, organisations and individuals.

The investigations into the attack and any possible impact to data continues. A Synnovis IT taskforce and cyber specialists commissioned by the NHS are working closely with the National Cyber Security Centre (NCSC) and NHS England’s (NHSE) Cyber Operations Team. We continue to also keep law enforcement and the Information Commissioner fully informed.

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.”

Mark Dollar, CEO, Synnovis

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the hospitals of the two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.

For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries [at] fticonsulting [dot] com