Synnovis Cyber Attack: Delayed Blood Test Results Linked to Patient Death, NHS Review Confirms

A patient has tragically died following long delays in blood test results caused by a ransomware attack on Synnovis, a pathology firm serving major NHS hospitals. The incident, which occurred in June 2024, severely disrupted lab services, forcing the cancellation of more than 1,000 medical procedures.

The findings were confirmed through an ongoing harm review conducted across impacted NHS trusts, including King’s College Hospital, Guy’s and St Thomas’, Lewisham and Greenwich, and several primary care networks in South East London.

A spokesperson from King’s College Hospital Foundation Trust told the Health Service Journal (HSJ): “Sadly, one patient died unexpectedly during the cyber attack. The patient safety investigation found several contributing factors, including the long wait for a critical blood test result caused by the incident.”

The trust added that the patient’s family has been informed of the findings. Due to privacy laws, details such as the patient’s age and exact date of death have not been disclosed.

Cyber Attack and Impact

Experts believe the hackers exploited simple security gaps to deploy ransomware, encrypting key Synnovis data and halting lab operations. During the crisis, GPs said it felt like “flying blind” without access to pathology results. Nearby pathology networks tried to pick up the slack, but significant delays still occurred.

For months, transfusion and blood matching services were affected. Hospitals had to rely on universal blood types, depleting regional reserves and prompting a national blood donation appeal.

The South East London Integrated Care Board confirmed that at least 170 patient harm cases are linked to the attack. Most were considered “low harm,” but the patient death is the most serious outcome so far.

Could It Have Been Prevented?

The HSJ revealed that the entire attack could have been avoided by implementing basic multi-factor authentication (MFA)—a common security practice used in banking and online services.

Synnovis, jointly owned by German firm Synlab (51%) and the NHS trusts (49%), reported a £33 million financial impact. When asked if a ransom was paid to the attackers, the company declined to comment.

Last month, the NHS’s top cyber security official, Phil Huggins, issued an open letter to suppliers, urging the adoption of stricter cyber protocols, including MFA.

Synnovis has said it’s working with a task force of cyber experts to upgrade its systems, policies, and testing procedures.