Synnovis Breach - UK Providers Notified of 2024 Data Theft
Category:Threat Alerts
Synnovis, a British pathology lab partnership between Guy's and St Thomas' NHS Foundation Trust, King's College Hospitals NHS Trust, and Synlab, has completed its forensic analysis of the data stolen in the June 2024 ransomware attack attributed to the Qilin gang. The attack hit almost all IT systems, disrupting pathology services and leading to blood testing failures that canceled 10,152 acute outpatient appointments and 1,710 elective procedures at London hospitals.

What made the forensics difficult: the attackers exfiltrated data "in haste from a working drive, in a random and untargeted manner", resulting in fragmented, unstructured stolen data that took over a year to analyze. The stolen data came from working drives, not Synnovis' primary lab database. Some of it included NHS numbers, patient names, dates of birth, and a small amount of test results matched to individuals. Most test results appeared as numerical references or codes requiring clinical knowledge to interpret. Synnovis is notifying affected healthcare providers by November 21, 2025. Under UK law, providers determine whether patient notification is necessary.

The attack caused blood shortages lasting months, with O-negative supplies dropping to unprecedented lows. NHS England later linked one patient death to delayed blood test results caused by the cyberattack. Synnovis did not pay the ransom, stating this decision reflected "commitment to ethical principles and rejection of funding future cybercriminal activities." All IT services were restored by late fall 2024, with most applications rebuilt from scratch.
CORTEX Protocol Intelligence Assessment
Business Impact: The "smash-and-grab" exfiltration pattern is interesting: Qilin prioritized speed over precision, grabbing whatever was accessible rather than targeting specific datasets. This created a forensics nightmare, but it also suggests the attackers were under time pressure or lacked deep knowledge of Synnovis' data architecture. The year-long analysis timeline reflects the complexity of mapping fragmented data back to healthcare providers using client codes, ODS codes, and manual file name analysis. The blood shortage cascade effect demonstrates how a pathology lab compromise impacts entire regional healthcare systems, not just the initial victim.
Strategic Intelligence Guidance
- Mandate third-party risk assessments and tabletop exercises for diagnostic vendors.
- Segment clinical systems and apply immutability to backups; test restore RTO/RPO.
- Define provider notification workflows and legal review for UK data laws.
- Instrument anomaly detection for exfiltration from working drives/shares.
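
One way to instrument the last item, as an added example that is not from Synnovis or the source article: a sliding-window check that flags an account whose file reads on a share are both high in volume and spread across many directories, the shape a hasty, untargeted grab would take. The log format, account names, paths and thresholds are all assumptions constructed for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-read audit events: timestamp,account,bytes_read,path.
# Format, accounts and paths are invented for this example.
SAMPLE_EVENTS = """\
2025-01-15T01:00:00,svc-backup,300000000,/work/backup/nightly/a.bak
2025-01-15T01:01:00,svc-backup,300000000,/work/backup/nightly/b.bak
2025-01-15T01:02:00,svc-backup,300000000,/work/backup/nightly/c.bak
2025-01-15T02:00:00,jdoe,40000,/work/haem/reports/r1.csv
2025-01-15T02:00:30,jdoe,40000,/work/micro/reports/r2.csv
2025-01-15T02:01:00,jdoe,40000,/work/billing/q1/r3.csv
2025-01-15T02:01:30,jdoe,40000,/work/hr/forms/r4.csv
2025-01-15T02:30:00,tmp-admin,60000000,/work/haem/2023/x.zip
2025-01-15T02:30:40,tmp-admin,50000000,/work/micro/tmp/y.xlsx
2025-01-15T02:31:10,tmp-admin,70000000,/work/billing/export/z.csv
2025-01-15T02:31:50,tmp-admin,40000000,/work/hr/scans/p.pdf
2025-01-15T03:00:00,asmith,90000000,/work/haem/2023/x.zip
2025-01-15T03:20:00,asmith,90000000,/work/micro/tmp/y.xlsx
2025-01-15T03:40:00,asmith,90000000,/work/billing/export/z.csv
2025-01-15T04:00:00,asmith,90000000,/work/hr/scans/p.pdf
"""

WINDOW = timedelta(minutes=5)  # assumed sliding-window length
MIN_BYTES = 200_000_000        # assumed volume threshold per account per window
MIN_DIRS = 4                   # assumed breadth threshold (distinct directories)

def parse(line):
    """Split one event line into (time, account, bytes, parent directory)."""
    ts, user, size, path = line.strip().split(",", 3)
    return datetime.fromisoformat(ts), user, int(size), path.rsplit("/", 1)[0]

def detect(text, window=WINDOW, min_bytes=MIN_BYTES, min_dirs=MIN_DIRS):
    """Return {account: time of first alert} for reads that are large AND broad."""
    recent = defaultdict(deque)  # account -> events still inside the window
    alerts = {}
    for ts, user, size, directory in sorted(parse(l) for l in text.splitlines() if l.strip()):
        q = recent[user]
        q.append((ts, size, directory))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        volume = sum(s for _, s, _ in q)
        breadth = len({d for _, _, d in q})
        if volume >= min_bytes and breadth >= min_dirs:
            alerts.setdefault(user, ts)
    return alerts

if __name__ == "__main__":
    for user, ts in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {user} at {ts.isoformat()}: high-volume reads across many directories")
```

Requiring both volume and breadth keeps a backup job that reads one directory heavily, or a user who browses many folders lightly, from alerting; thresholds need baselining per environment.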
Intelligence Source: Synnovis Breach - UK Providers Notified of 2024 Data Theft | Nov 12, 2025