Cyberattack update: 24 June 2024

Monday, 24 June, 2024

On 3 June, Synnovis – a pathology services partnership between two London-based hospital Trusts and SYNLAB - was the victim of a cyberattack. Last week a group claiming responsibility for the cyberattack published data online. We have now been able to confirm that this data was stolen from Synnovis’ systems.

An analysis of this data is already underway. This analysis, conducted by technical experts aims to confirm what information it contains. Unfortunately, it is too soon to be able to confirm the exact nature of the information and the organisations and individuals it relates to. From a limited and initial review conducted over the weekend, our understanding as of yesterday is: 

• There was no evidence that the Laboratory Information Management Systems (the software that supports laboratory operations) databases had been posted. These are the main systems holding the patient test requests and results.

• However, our administrative working drive has been posted in partial and fragmented form. This will contain some fragments of patient identifiable data. Understanding this is our current priority.

• The area where we store payroll information has not been published, but more needs to be done to review other data that has been published relating to our employees. 

We and the technical experts who are supporting us are working as fast as we can to try to be able to confirm more details and appreciate that waiting will potentially cause people some concern. We will keep our service users, employees and partners updated as the investigation progresses.”


Notes to editors: 

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics. 

2. A Laboratory Information Management System (LIMS) is a software system developed to support laboratory operations. It is designed to improve productivity and efficiency by keeping track of data associated with samples, experiments, laboratory workflows and instruments.

3. Guidance is available from the National Cyber Security Centre here [Data breach guidance for individuals - NCSC.GOV.UK].