Patient Death Associated with NHS Cyber-Attack

A patient’s death has been officially attributed to the ransomware attack on Synnovis, the pathology services provider for multiple NHS hospitals in London, which occurred in 2024. This cyber incident caused extensive disruption to diagnostic services, resulting in delayed blood test results and considerable harm to patient care.

King’s College Hospital NHS Foundation Trust, one of the facilities most impacted, has confirmed that the patient “died unexpectedly” during the cyber-attack. A spokesperson stated, “As is standard practice when this happens, we undertook a detailed review of their care. The patient safety incident investigation identified several contributing factors that led to the patient’s death, including a prolonged wait for blood test results due to the cyber-attack affecting pathology services at that time.”

The attack on Synnovis, conducted on June 3, 2024, was attributed to a Russian cybercriminal group known as Qilin. This incident halted pathology and blood testing services across various NHS trusts and GP practices, disrupting over 10,000 appointments and causing the postponement of 1,710 operations at King’s College and Guy’s and St Thomas’ NHS Foundation Trusts.

Impact of the Synnovis Attack

The scale of the disruption was considerable, particularly throughout south-east London’s healthcare system. Notable figures from the attack include:

• 10,152 outpatient appointments disrupted
• 1,710 elective procedures postponed
• 1,100 cancer treatments delayed
• 170 cases of patient harm recorded
• 2 severe cases classified, involving permanent damage or life-threatening delays

Reports indicate that nearly 600 patient safety incidents were connected to the attack. Initially, no serious harm was reported, but later revisions indicated two cases of severe harm and over 120 incidents categorized as low-harm.

Mark Dollar, CEO of Synnovis, expressed condolences regarding the confirmed fatality, stating, “We are deeply saddened to hear that last year’s criminal cyber-attack has been identified as one of the contributing factors that led to this patient’s death. Our hearts go out to the family involved.”

New Measures to Strengthen Cybersecurity

In light of the escalating cyber threats, NHS England and the Department of Health and Social Care have urged all suppliers to embrace a new cybersecurity charter. This guidance encourages vendors to:

• Implement multi-factor authentication (MFA)
• Address known system vulnerabilities
• Support digital infrastructure maintenance
• Ensure secure, immutable backups of essential data

Additionally, the UK government announced a Cyber Security and Resilience Bill in April 2025 to address vulnerabilities within national infrastructure, including healthcare. Experts are advocating for an independent review of NHS cybersecurity to safeguard patient safety against future threats.