Cyberattack Information Centre

This is the final progress update on our restoration and recovery programme. Going forward, queries regarding investigation status can be directed to:

For any media queries: synnovisqueries@fticonsulting.com
For questions from data controllers regarding the investigation: dataqueries@synnovis.co.uk

Services recovery and restoration

The first phase of our restoration plan was prioritised by clinical criticality and is now complete. Our service users now have access to almost all of our services that were available prior to the cyberattack. This is a significant milestone and the culmination of a relentless five-month process.

Our focus has now shifted to address all other systems, including the back office IT systems and platforms that, while not clinically critical, are key to the smooth operation of our business.

Mark Dollar, CEO, Synnovis:

“I would like to acknowledge the efforts of those whose tireless work has enabled us to reach this point. Our employees have demonstrated tremendous resilience and fortitude throughout this process - thank you all for your hard work.

“I’m also very aware that this has been an extremely challenging and sometimes distressing period for patients, service users and frontline NHS colleagues. I truly appreciate your patience and understanding over these past months and am incredibly sorry for the inconvenience and upset caused by this criminal attack.”

Investigation update

The investigation into the published data is advanced and ongoing, and its timeframe is in keeping with the scale and scope of such a complex incident.

As this process progresses, we will be engaging directly and proactively with the appropriate stakeholders, as required, to allow affected organisations to fulfill any regulatory obligations.

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.

For all media queries relating to the cyberattack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

"I am pleased to report that we successfully transferred the final cohort of GP services back to Synnovis this week, meaning that all GPs have access to our full repertoire of medical diagnostic services once again. At the same time, our programme to restore remaining IT systems continues apace.

"We expect to be in a position soon to resume the important programme to transform pathology services for patients living across south east London, which was paused in June immediately following the cyberattack.

"I recognise the disruption this incident has caused for patients, clinicians and other service users, and would like to thank everyone affected for their understanding, support and patience throughout."

Mark Dollar, CEO, Synnovis

GP, primary and community care pathology services

GPs based in Southwark, Lambeth and Bromley boroughs successfully transferred back to Synnovis this week, giving all our GP users access to our full repertoire of medical diagnostic services once again. I am pleased to report that these final transfers went smoothly and that GP services in our new hub laboratory continue to operate efficiently and effectively. We are planning to resume pathology testing services for local community and mental health services shortly.

Hospital pathology services

The majority of hospital services are now operating as they were before the cyberattack, although some of our processes are still being conducted manually while we rebuild digital interfaces to reconnect our laboratories with service users. The restoration of Blood Transfusion services remains on track to be completed by Autumn and we expect to be in a position to confirm dates soon.

Investigation status

The investigation is advanced, ongoing and has been conducted with the support of the National Crime Agency (NCA), NHS England (NHSE), National Cyber Security Centre (NCSC) and technical specialists. It involves interrogation of the published data to identify whether and to what extent any patient or employee data is affected. The complexity of the investigation means it will continue to take time to clarify and identify which individuals or organisations have been impacted.

In the interim, we continue to engage with law enforcement, the Information Commissioner, NCSC and NHSE.

For the latest NHS statement, please click here: https://www.england.nhs.uk/london/synnovis-ransomware-cyber-attack/lates…

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.

For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

“We continue to make good, steady progress in delivering our restoration plan, having successfully rebuilt the majority of core IT systems. The approach to recovering services has been truly reflective of the effective collaboration in place between healthcare organisations across south east London. Once again, I would like to thank patients, GPs, clinicians, our partners and others for their support, patience and understanding during what has been a challenging time for all. 

"The impact the cyberattack is having on local healthcare services continues to subside, although regrettably we expect to feel its effects for some weeks to come. We continue to work with our NHS partners to minimise this impact on patients and healthcare workers as far as we possibly can." 

Mark Dollar, CEO, Synnovis

GP, primary and community care pathology services

Services for GPs based in Bexley, Greenwich, Lewisham, Southwark and Lambeth boroughs have successfully transferred back to Synnovis, giving access once again to our full repertoire of medical diagnostic services. We plan to repatriate the final borough, Bromley, by the end of September 2024 and will resume pathology testing services for local community and mental health services shortly afterwards.

Services in our new hub laboratory continue to operate efficiently and effectively for GPs who have already returned to Synnovis.

Hospital pathology services

The majority of hospital pathology services are now operating as they were before the cyberattack, although some of our processes are still being conducted manually while we rebuild digital interfaces to reconnect our laboratories with service users.

For the latest NHS statement, please click here: https://www.england.nhs.uk/london/synnovis-ransomware-cyber-attack/lates...

Investigation status

The investigation is advanced, ongoing and has been conducted with the support of the National Crime Agency (NCA), NHS England (NHSE), National Cyber Security Centre (NCSC) and technical specialists. It involves interrogation of the published data to identify whether and to what extent any patient or employee data is affected. The complexity of the investigation means it will continue to take time to clarify and identify which individuals or organisations have been impacted. 

In the interim, we continue to engage with law enforcement, the Information Commissioner, NCSC and NHSE.

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.

For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyberattack, resulting in a major IT incident and a significant reduction in capacity to process samples.

Synnovis, along with NHSE, the NCA and our Trust partners, has been dedicating every available resource to protect our employees and our patients from the impact of this criminal act. As part of this, our initial focus was on containing the incident and delivering clinically safe interim solutions using technical processes that had an immediate impact.

As the incident response has progressed, Synnovis has made use of additional tools, including securing an injunction - a legal mechanism designed to protect employees and patients by limiting the downloading, sharing or misuse of the stolen data.  

As a result of this injunction, Synnovis can now take legal action against those who attempt to misuse or disseminate the stolen data, including ordering the removal of the stolen data from locations where it is shared. We believe that by taking this step we can provide additional reassurance to patients and our employees.

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the hospitals of the two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.

For all media queries relating to the cyber attack please contact:

Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyberattack, resulting in a major IT incident and a significant reduction in capacity to process samples.

Since the attack, every available resource has been dedicated to delivering largely manual interim solutions in parallel with the rebuild of over 60, interconnected IT systems and the phased restoration of service capacity. Thanks to the ongoing diligence of our colleagues and partners we have made significant progress and, while recovery is ongoing, are able to share the following updates.

Technical recovery

We have now rebuilt substantial parts of our IT infrastructure, enabling more of our laboratories to reconnect to the systems that enable us to receive test orders and return results electronically. As a result, core chemistry and haematology services (including coagulation studies) have been restored at King’s College and Princess Royal University Hospitals. Restoration for Guy’s and St Thomas’, Royal Brompton and Harefield Hospitals is planned in the coming days. Whilst we continue to ask service users to manage testing requests carefully as we complete final systems checks, we expect to be able to increase the numbers and types of tests shortly. This is a significant step forward in services recovery and in the carefully phased and clinically safe approach to bringing all our systems back online.

Blood Transfusion services will continue to be stabilised over the summer, with full restoration anticipated by early Autumn. Planning is also underway, in conjunction with our Trust partners, Pathology Business Unit (PBU) and Integrated Care Board (ICB), on the phased repatriation of GP services to the Blackfriars hub laboratory by early autumn. 

Investigation Progress

A taskforce of external IT experts continues to investigate the cyberattack on two fronts:

1. Investigation into the method of attack. Due to the ongoing investigation and its sensitive nature, we cannot provide further details at this stage.
2. Investigation into the data published by the criminals behind the cyberattack. Due to the format and partial nature of the published data, more needs to be done to determine if there are any aspects of it that relate to our employees or other impacted organisations and individuals.

Our technical experts and internal teams are working hard to verify more detail, however advisors have confirmed that investigations into incidents of this nature are complex and do take time.

We will provide updates as the investigation progresses, and should the investigation determine that personal or sensitive information was published, we will inform affected individuals in line with our obligations as a data controller.

In the interim, we continue to engage with law enforcement, the Information Commissioner, the National Cyber Security Centre (NCSC) and NHS England (NHSE).

“We have made significant progress with our technical recovery and the carefully phased restoration of services. While digital connectivity has been re-established at many of our laboratories, this process is taking time due to the complexity and inter-related nature of our various IT systems.

The effort and commitment that our people and Trust partners have stood up in response to this malicious attack has been humbling. We are very aware of the impact this attack continues to have on patients and service users, and I can only apologise to those affected and thank them for their patience.”

Mark Dollar, CEO, Synnovis

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the hospitals of the two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.

For all media queries relating to the cyber attack please contact:

Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyberattack, resulting in a major IT incident and a significant reduction in capacity to process samples.

Technical recovery

Almost all Synnovis IT systems were affected by this criminal attack, impacting everything from our analysers’ ability to identify and process incoming samples, through to the actual transmission of test results. Many of these processes have had to revert to paper and manual, rather than electronic, protocols which has significantly affected capacity and delivery timeframes.

Our phased approach to restoring our technical infrastructure, prioritising by clinical criticality, continues. To date, this has included the delivery of new middleware (software that simplifies the reporting and transmission of results from our laboratory information management systems) at both Guy’s and St Thomas’ and King’s College Hospitals which has increased our processing capacity at each. New ways of working and new middleware have also increased the volumes able to be processed at our Blackfriars hub laboratory, meaning the processing of some inpatient work from St Thomas’ Hospital and Kings College Hospitals will transfer into the hub from this week.

Full restoration of systems will take some time however, and we are working closely with our NHS partners and suppliers to deliver each phase in a safe and secure manner.

Operational updates

Recent progress includes the roll out of Mutual Aid across all six south east London boroughs, in conjunction with our NHS Trust Partners and the Integrated Care Board (ICB), which has increased the capacity available for the most critical and urgent blood tests from GPs. Capacity has also been delivered via the wider SYNLAB UK&I network, with more laboratories readying to take on capacity from this week.

Every available resource is focused on delivering the interim solutions required to contain impact while continuing to deliver clinically safe services and rebuilding service capacity. This has included SYNLAB diverting clinical and IT colleagues from across its wider UK laboratory network, well as from 12 other countries within their global operations. NHS colleagues are also providing hands on support.

Investigation progress

On 20 June, a cyber criminal group claiming responsibility for the attack published data online that analysis has since confirmed as data stolen from our systems. An initial analysis of the published stolen data found that:

• The format in which it has been published represents a partial copy of content from Synnovis’ administrative working drives. This drive held information which supported our corporate and business support activities.
• In some circumstances this information may contain personal data such as names, NHS numbers and test codes (identifying the requested test), although analysis is ongoing.
• Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees.
• The format and partial nature of what has been published makes it complex to interpret. As is typical in such incidents, it will take some time to conduct a comprehensive analysis in order to identify the full nature of the impacted data, organisations and individuals.

The investigations into the attack and any possible impact to data continues. A Synnovis IT taskforce and cyber specialists commissioned by the NHS are working closely with the National Cyber Security Centre (NCSC) and NHS England’s (NHSE) Cyber Operations Team. We continue to also keep law enforcement and the Information Commissioner fully informed.

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.”

Mark Dollar, CEO, Synnovis

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the hospitals of the two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.

For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

On 3 June, Synnovis – a pathology services partnership between two London-based hospital Trusts and SYNLAB - was the victim of a cyberattack. Last week a group claiming responsibility for the cyberattack published data online. We have now been able to confirm that this data was stolen from Synnovis’ systems.

An analysis of this data is already underway. This analysis, conducted by technical experts aims to confirm what information it contains. Unfortunately, it is too soon to be able to confirm the exact nature of the information and the organisations and individuals it relates to. From a limited and initial review conducted over the weekend, our understanding as of yesterday is: 

• There was no evidence that the Laboratory Information Management Systems (the software that supports laboratory operations) databases had been posted. These are the main systems holding the patient test requests and results.
• However, our administrative working drive has been posted in partial and fragmented form. This will contain some fragments of patient identifiable data. Understanding this is our current priority.
• The area where we store payroll information has not been published, but more needs to be done to review other data that has been published relating to our employees. 

We and the technical experts who are supporting us are working as fast as we can to try to be able to confirm more details and appreciate that waiting will potentially cause people some concern. We will keep our service users, employees and partners updated as the investigation progresses.”

Notes to editors: 

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics. 
2. A Laboratory Information Management System (LIMS) is a software system developed to support laboratory operations. It is designed to improve productivity and efficiency by keeping track of data associated with samples, experiments, laboratory workflows and instruments.
3. Guidance is available from the National Cyber Security Centre here [Data breach guidance for individuals - NCSC.GOV.UK].  

“On 3 June, Synnovis – a pathology services partnership between two London-based hospital Trusts and SYNLAB – was the victim of a cyberattack. Last night a group claiming responsibility for the cyberattack published data online that they allege belongs to Synnovis.

“We know how worrying this development may be for many people. An analysis of this data is already underway. This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains.

“We will keep our service users, employees and partners updated as the investigation progresses.”

Notes to editors:

Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
Guidance is available from the National Cyber Security Centre here [Data breach guidance for individuals – NCSC.GOV.UK].

For all media queries relating to the cyber attack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com

Click here for public questions and answers relating to the Synnovis cyber incident.

On Monday 3 June, Synnovis – a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and SYNLAB - was the victim of a ransomware cyber attack, resulting in interruptions to many of our services.

Investigation Progress

The investigation into the attack continues, including any possible impact to data. Once further information is known we will report in line with Information Commissioner’s Office requirements, and prioritise the notification of any impacted individuals or partners as required.

We also continue to engage with law enforcement and the Information Commissioner and are working closely with the National Cyber Security Centre (NCSC) and NHS England’s (NHSE) Cyber Operations Team.

Operational Updates

Unfortunately, our capacity to process samples has been significantly reduced as a result of the incident and we have prioritised this capacity for urgent work.

We have delivered temporary workarounds including the redirection of non-urgent blood tests and result processing to other pathology labs to allow us to focus on urgent samples received from GPs, to ensure there is sufficient capacity for urgent testing and to prioritise the most clinically urgent tests for acute patients being cared for by our NHS hospital partners: King’s College Hospital NHS Foundation Trust and Guy’s and St. Thomas’ NHS Foundation Trust.

Technical Recovery

Synnovis is firmly focused on restoring services to our patients and users and working closely with NHSE and external specialists on technical recovery. We are delivering against a comprehensive plan which prioritises both clinical criticality and the safe and secure restoration of services.

In collaboration with our analytical platform suppliers, we have already brought our analysers back online, which is significant progress at this stage of the recovery process.

Mark Dollar, Synnovis CEO, said:

“I am incredibly sorry for the inconvenience and upset this incident is causing to patients, service users and frontline NHS colleagues. Please be assured that we are working tirelessly to restore systems and explore all options to contain impact on services.

Our plan for the restoration of services is comprehensive and well underway, running in parallel to the forensic investigation being led by external specialists. Every available resource is focused on this plan.

Progress has been made, and I am confident momentum will continue to gain pace given the extraordinary efforts of our colleagues and partners in supporting clinicians and their patients during such a disruptive time."

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the hospitals of the two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.

Mark Dollar, Synnovis CEO said:

On Monday 3 June, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB - was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.

It is still early days and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.

Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised. We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.

We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.

The incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Centre and the Cyber Operations Team.

We will share further updates as we know more, but regret that we are unable to respond to individual queries from the media at this time – thank you for your understanding.

Notes to editors:

1. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
2. The immediate impact is on patients using NHS services within the two partner hospitals, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs

Media Enquires

For all media queries relating to the cyberattack please contact:
Telephone : +44 (0) 20 3077 0549
Email: synnovisqueries@fticonsulting.com