Stolen blood test data from hospital cyber attack reportedly published online

Hundreds of operations and appointments are still being cancelled three weeks after the incident, ITV News Health Correspondent Rebecca Barry reports

Sensitive data from a ransomware attack on an NHS blood testing company has allegedly been published online by a cyber criminal group, NHS England said.

Synnovis, which provides pathology services on blood tests, was the victim of a cyber attack on June 3.

The attack is understood to have been carried out by Russian group Qilin.

Hundreds of operations and appointments are still being cancelled nearly three weeks after the incident, with patients at King’s College Hospital and Guy’s and St Thomas’ affected.

In a statement on Friday, NHS England said: “NHS England has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.”

The cyber criminal group reportedly shared almost 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on their darknet site and Telegram channel.

Spreadsheets containing financial arrangements between hospitals and GP services and Synnovis were also reportedly published.

Synnovis, in a statement on Friday, said: “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already under way.”

NHS England said it is working with the National Cyber Security Centre to try and verify the contents of the files that have been published online.

“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,” NHS England said.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.”

The Health Secretary Victoria Atkins chaired a meeting on Friday morning regarding the cyber attack.

Guys and St Thomas' Hospital in London was affected by the attack Credit: PA

She said on X: "I recognise the public will be concerned by the reports of leaked patient data."

A critical incident was declared by the three London hospitals following the attack, with blood transfusions among the services affected.

Some procedures and operations have been cancelled or have been redirected to other NHS providers as hospital bosses continue to establish what work can be carried out safely.

Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

The number of rearranged planned operations has gone down by 494 since the first week after the attack, June 3-9, but the number of missed outpatient appointments has increased by 394.

The total so far is 1,134 planned operations and 2,194 outpatient appointments postponed, according to NHS England London figures.

Urgent and emergency services have remained available as usual.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcast episode to find out What You Need To Know...