Major hospitals in London declared a critical incident after a cyber attack led to operations being canceled and patients being diverted elsewhere for care.
NHS officials said they were working with the National Cyber Security Center following the attack on Synnovis, which provides pathology services to major hospitals and GP surgeries in the capital.
The company said the ransomware attack affected all IT systems, which in turn affected pathology services.
Some procedures and operations have been canceled or diverted to other NHS providers as hospital bosses continue to determine what work can be done safely.
There has been a “significant impact” on GP services at King’s College Hospital, Guy’s and St Thomas’ in south-east London, healthcare leaders said.
A memo to staff said the “critical incident” had had a “major impact” on the delivery of services, with blood transfusions in particular being affected.
Patients described last-minute cancellations of operations and blood tests.
Oliver Dowson, 70, was preparing for surgery at the Royal Brompton from 6am on June 3 when a surgeon told him at around 12.30pm that the surgery would not go ahead.
He told the PA news agency: “Staff on the ward didn’t seem to know what was happening, just that many patients were told to go home and wait for a new date.
“I was given a date for next Tuesday and to my surprise, this is not the first time they have cancelled, they did this on May 28th as well, but this was probably due to staff shortages during the half-term break.”
Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and she was informed local centers were not taking bookings for an “indefinite period”.
She told PA: “My husband received a text message last night informing me that this morning’s appointment had been canceled due to circumstances beyond their control and that all major South London hospitals – King’s, St Thomas’, Guys, Evalina and Gracefield Gardens – had been closed in an unspecified manner.” We will not be able to take reservations for the time.
“She went to the Swift website and made a new appointment; the earliest date was June 17 but this is probably questionable.”
A spokesperson for the NHS England London region said: “On Monday 3 June laboratory services provider Synnovis fell victim to a ransomware cyber attack.
“This is having a significant impact on services provided at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trust and primary care in south-east London, and we apologize for any inconvenience this has caused to patients and their families.
“Urgent care remains available, so patients should access services as normal by calling 999 in an emergency or 111 otherwise, and patients should continue to attend appointments unless told otherwise.
“We will continue to provide local patients and the public with updates on the impact on services and how they can continue to receive the care they need.
“We are working urgently, with the support of the government’s National Cyber Security Center and our cyber operations team, to fully understand the impact of the incident.”
Synnovis CEO Mark Dollar confirmed that the company was the victim of a ransomware cyber attack, adding: “This impacted all Synnovis IT systems and resulted in the disruption of many of our pathology services.
“It is still early days and we are trying to understand exactly what has happened. A task force of IT experts from Synnovis and the NHS are working to fully assess the impact this has had and take the appropriate action required.
“Unfortunately, this is impacting patients; some activities have already been canceled or diverted to other providers as urgent work is prioritized.
“We are incredibly sorry for the inconvenience and upset this is causing patients, service users and others affected. We are doing everything we can to minimize the impact and will remain in contact with local NHS services to keep people informed of developments.
“At Synnovis we take cybersecurity very seriously and have invested heavily to ensure our IT arrangements are as secure as possible. It’s a harsh reminder that this type of attack can happen to anyone at any time and, depressingly, those behind it have no hesitation about who their actions will affect.
“The incident is being reported to law enforcement and the Information Commissioner and we are working with the National Cyber Security Center and Cyber Operations Team.”
Senior healthcare sources told the Health Service Journal (HSJ) it could take “weeks, not days” to access pathology results.
Synnovis was formed from a partnership between SynLab UK and Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.
In 2021 it was announced that SynLab will partner with the NHS to provide pathology services and GP services at hospitals in south-east London.
As well as serving King’s and Guys’ and St Thomas’, the pathology service also serves South London, Maudsley and Oxleas NHS Foundation Trusts and a number of GP surgeries, clinics and other community services in the boroughs of Southwark, Lambeth and Bromley. Bexley, Greenwich and Lewisham.
Pathology services help diagnose and treat diseases and infections by analyzing samples such as blood and tissue.
Commenting on the attack, cybersecurity expert Steve Sands from the BCS Chartered Institute for IT said: “This incident reminds us that the ransomware threat is now an ever-present threat to critical institutions, from schools to hospitals.
“The perpetrators, of course, have no conscience and will attack any organization whose cyber defenses are not sufficiently robust.
“We need to ensure that all public sector organizations have contingency plans to manage cyber attacks, that staff are regularly trained on risk and that there is adequate investment in software resilience.
“Whoever forms the next government needs to make sure the NHS has this resource and that it is spent properly to ensure lives are not put at risk.”
Professor Awais Rashid, head of the Bristol Cyber Security Group at the University of Bristol, added: “Digital infrastructures on which critical services, such as those provided by the NHS, rely are often a complex combination of many different systems and third-party providers. So, as we are also seeing in this evolving situation where critical healthcare services are being affected , cyber attacks can have significant and significant cascading effects.
“There are countless intersections of complex technology stacks and software and service supply chains. Attackers are increasingly targeting these elements, leading to wide-ranging disruptions to core social functions.
“We need ways to ensure critical services like healthcare continue to operate safely and reliably even when parts of the infrastructure are attacked or compromised.”
A Government spokesman said: “Patient safety is our priority and the Department of Health and Social Care, NHS England and the National Cyber Security Center are working together to investigate the impacts of a cyber incident affecting a pathology provider.
“Support is being provided to the company and we are working with them to minimize the impact on the services of a number of NHS organizations in south-east London.