Several major hospitals in London have declared a critical incident following a cyber-attack that resulted in the cancellation of operations and the diversion of
emergency patients. The affected hospitals are partnered with Synnovis, a provider of pathology services.
The impacted hospitals include King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton, and the Evelina London Children’s Hospital, along with various primary care services. The cyber-attack has severely disrupted services, particularly impacting blood transfusions and test results.
The incident, believed to have occurred on Monday, has caused significant connectivity issues with some departments unable to access the main server. As a result, some medical procedures have been canceled or redirected to other NHS providers to ensure patient safety. Despite these challenges, emergency care remains available.
General Practitioner (GP) services across Bexley, Greenwich, Lewisham, Bromley, Southwark, and Lambeth boroughs have also been affected. Synnovis has deployed a "taskforce of IT experts" to fully assess the impact and address the situation.
The NHS has apologized for the inconvenience and is collaborating with the National Cyber Security Centre to understand the extent of the impact.
One patient, Oliver Dowson, 70, was prepared for an operation at the Royal Brompton but was informed by a surgeon that it would not proceed. Dowson shared his experience, highlighting the confusion among staff and expressing hope for his rescheduled surgery.
Another affected individual, Vanessa Welham from Streatham, reported that her husband's blood test appointment was canceled. He was advised via text message that all major South London hospitals could not take bookings for an indefinite period. The earliest available rescheduled appointment was June 17, though its feasibility remains uncertain.
NHS England London confirmed that Synnovis was the victim of a ransomware attack. They assured that emergency care continues to be available and urged patients to attend their appointments unless notified otherwise.
Synnovis expressed deep regret for the inconvenience and disruption caused. They emphasized their commitment to minimizing the impact and maintaining communication with local NHS services.
Cyber security experts have highlighted the increasing threat of ransomware to critical institutions, including hospitals. Steve Sands from the Chartered Institute for IT emphasized the need for robust cyber defenses and contingency plans in public sector organizations to manage such attacks.
Prof Awais Rashid from the University of Bristol underscored the complexity of digital infrastructures, noting that cyber-attacks can have cascading impacts on critical services.
The government has pledged support to ensure patient safety and is working with Synnovis to mitigate the impact on NHS services in southeast London.
The incident underscores the urgent need for enhanced cyber resilience and investment in software security to protect critical health services from future attacks. Photo by Detail of Guy's Hospital, St Thomas Street by Stephen Richards, Wikimedia commons.