Several major hospitals in London have faced service disruptions following a ransomware attack on a third-party responsible for providing pathology services. As a result, the Synnovis ransomware attack has been assigned a critical incident emergency status by the authorities.
On Monday, a ransomware attack targeted Synnovis, a company offering pathology services such as blood tests for transfusions to various healthcare organizations. A spokesperson for NHS England London confirmed the incident, stating that the hospital network was currently disconnected from Synnovis IT servers.
Synnovis Ransomware Attack Has ‘Significant Impact’
The Synnovis ransomware attack was having a “significant impact” on the delivery of services at Guy’s and St Thomas’ hospitals, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast London, the spokesperson added.
“The immediate impact was reported on patients using NHS services within the two partner hospitals, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs.”
Royal Brompton and Harefield hospitals, renowned heart and lung centers in the UK, have also reportedly been impacted.
As a result of the attack, some appointments have been canceled and patients redirected with short notice, placing additional strain on other hospitals.
“We are currently experiencing disruption to our pathology services, particularly blood tests.”
“This is following a cyber attack affecting our pathology service provider Synnovis,” said the NHS statement. “Very regrettably we have had to cancel some procedures and operations. We apologise unreservedly to all patients who are affected.”
The disruption in the blood transfusion IT system poses a risk to trauma cases, with only urgent blood components being transfused when critically necessary for patients. Efforts are underway by the Department of Health and Social Care, NHS England, and the National Cyber Security Centre to address the cyber incident and support affected organizations while prioritizing patient safety.
The uncertainty surrounding the duration of the disruption raises concerns about resource availability and potential further critical incidents.
The attack follows a similar one that hit NHS services in Scotland in March.
CEO’s Statement on Synnovis Ransomware Attack
Mark Dollar, the CEO of Synnovis, acknowledged the severity of the situation, emphasizing the collaborative efforts between IT experts from Synnovis and the NHS to assess the extent of the damage and implement necessary measures. Patient care has been disrupted, leading to some activities being canceled or redirected to alternative providers to prioritize urgent needs, Dollar said.
“It is still early days and we are trying to understand exactly what has happened.”
A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.”
“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised.”
“We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments,” Dollar added.
Synnovis has invested heavily in ensuring that IT arrangements are of the highest order of safety but Dollar, citing the ransomware attack, said, “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”
As the healthcare sector continues to navigate the evolving landscape of cyber threats, stakeholders must remain vigilant, prioritize cybersecurity protocols, and collaborate to fortify defenses against ransomware attacks. Safeguarding patient data and preserving the trust of individuals relying on healthcare services are critical imperatives in the ongoing battle against cybercrime in the healthcare industry.