Multiple London hospitals impacted by ransomware attack on Synnovis
Learn More
A ransomware incident has severely impacted several of London's major hospitals, causing significant disruptions in service delivery. The attack targeted Synnovis, a provider of pathology and diagnostic services, affecting IT systems and service delivery at multiple hospitals and other primary care services in southeast London.
Synnovis and NHS IT experts are working to assess the situation and minimize disruptions. The attackers injected ransomware, which has affected all Synnovis IT systems, including the WinPath blood transfusion system.
Hospitals Affected:
- Guy’s Hospital
- St Thomas’ Hospital
- King’s College Hospital
- Royal Brompton Hospital
- Evelina London Children’s Hospital
Details about exposed data types and the number of affected individuals have not been disclosed.
The attack has disrupted pathology and diagnostic services, blood transfusions and elective surgeries. Emergency services remain available, but patients are advised to dial 999 in emergencies and use 111 for non-urgent needs. Some procedures have been cancelled or redirected to other providers. Quick-turnaround blood test results are unavailable, affecting urgent and emergency care.
The NHS England London region is collaborating with the National Cyber Security Centre and its Cyber Operations team to understand and mitigate the incident. Hospitals have implemented business continuity plans, including mutual aid arrangements to manage the immediate impact.
Update - as of 15th of June 2024, it's reported that the incident caused more than 800 planned operations and 700 outpatient appointments to be rearranged in the first week after a cyber attack hit London hospitals. Five planned C-sections were rescheduled and 18 organs were diverted for use by other hospitals, while 736 hospital outpatient appointments and 125 community outpatient appointments had to be postponed.
As of 20th of June 2024, the Qilin ransomware gang has published almost 400GB of sensitive healthcare data online stolen in the cyberattack on Synnovis. The stolen data includes:
- patient names,
- dates of birth,
- NHS numbers,
- blood test descriptions.
As of 16th of September 2024, CaseMatrix analysis team reports that the breach impacted more than 900,000 individuals, though neither NHS England nor Synnovis, have confirmed the exact number of affected patients.
As of 10th of November 2025, Synnovis reports they have completed a year-long forensics investigation. The company will notify affected healthcare providers by November 21, who under UK law are responsible for conducting their own impact assessments and notifying patients.
