Major London hospitals disrupted by Synnovis cyberattack

A cyberattack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London.

While Synnovis has yet to issue a statement regarding the June 3 cyberattack attack, memos sent by partner hospitals affected by the attack revealed that this "ongoing critical incident" has had a "major impact" on healthcare services across southeast London.

The list of impacted hospitals includes King's College Hospital, Guy's Hospital, St Thomas' Hospital, Royal Brompton Hospital, and Evelina London Children's Hospital.

"Our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers," said Professor Ian Abbs, CEO of Guy's and St Thomas' NHS Foundation Trust.

"This incident is also affecting King's College Hospital NHS Foundation Trust and primary care across south east London," Abbs added.

"This is having a major impact on the delivery of our services, with blood transfusions being particularly affected. Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to safely carry out."

Impacted hospitals have also canceled some healthcare procedures (including operations) or redirected them to other providers because they couldn't perform them "safely."

​Urgent and emergency care at the impacted hospitals will also likely be affected by this incident since quick-turnaround blood test results are no longer available.

Sources familiar with the incident told Sky News that Synnovis had been the victim of a ransomware attack and that regaining access to pathology results would take weeks.

Formerly known as Viapath, Synnovis was established as GSTS Pathology in 2009 and switched to the Synnovis brand in October 2022.

Synnovis is a partnership between SYNLAB UK & Ireland, Guy's and St Thomas' NHS Foundation Trust, and the King's College Hospital NHS Foundation Trust.

Synlab Italia, part of the SYNLAB group and operating 380 labs and medical centers across Italy, suspended all medical diagnostic and testing services in late April after it was forced to shut down its IT systems to contain a ransomware attack.

In March, the Dumfries & Galloway NHS health board, which manages almost a dozen hospitals in Scotland, was also hit by a ransomware attack.

The INC Ransom extortion gang behind the breach didn't encrypt any systems but leaked roughly 3TB of stolen patient and staff personal information on their dark web leak site on May 6 after the NHS board refused to interact with the threat actors and ignored their ransom demands.

However, they failed to steal patients' health information stored on a separate system that wasn't compromised during the attack.

NHS Dumfries & Galloway said on May 21 that "services have continued to run as normal. No patient appointments or operations have had to be cancelled or rescheduled."