A delayed blood test during a 2024 cyberattack on NHS pathology provider Synnovis has now been confirmed as a factor in a patient’s unexpected death.
What happened
The ransomware attack on Synnovis, a pathology services provider for the National Health Service (NHS), has now been linked to a patient fatality. According to an investigation concluded by Kings College Hospital NHS Foundation Trust, the cyberattack was one of the contributing factors in a patient’s death following long delays in accessing blood test results. This marks one of the first publicly confirmed cases in which a cyberattack is linked directly to a loss of life.
The Synnovis attack occurred on June 3, 2024, and was carried out by the Qilin ransomware group. The disruption led to more than 10,000 appointment cancellations and severely affected diagnostic operations across southeast London hospitals. Blood shortages followed, as providers were unable to perform standard blood matching, forcing reliance on universal O-negative blood.
Going deeper
The attack had prolonged consequences: even a year later, local blood stocks remained low. The investigation into the patient's death followed standard NHS procedures for unexpected fatalities. While multiple factors were identified, delays in pathology services due to the ransomware attack were among the most significant.
Synnovis CEO Mark Dollar issued a public statement expressing sorrow, calling the news “deeply saddening” and offering condolences to the patient’s family.
In addition to operational disruption, Qilin also exfiltrated large volumes of patient data. The group demanded a $50 million ransom, which was not paid. In retaliation, the attackers leaked portions of the stolen data online, reportedly including highly sensitive records such as names, cancer diagnoses, and STI symptoms. An estimated 900,000 patients may have been affected. Synnovis later reported over £32 million ($43 million) in direct costs tied to the incident.
What was said
Kings College Hospital NHS Foundation Trust confirmed the outcome of the investigation, noting that the delay in blood testing was one of several factors in the patient's care breakdown. Synnovis expressed public regret and mentioned the scale and criminal nature of the attack.
The full list of patients affected by the data breach has yet to be finalized, though a formal review is in its final stages. Individual notifications are expected in the coming weeks.
The big picture
The Synnovis incident shows the real-world impact of cyberattacks on healthcare operations, particularly when diagnostic services are disrupted. Unlike breaches that primarily involve data loss or financial damage, this case shows how delayed test results can affect patient outcomes.
FAQs
What is a pathology services provider like Synnovis responsible for?
Synnovis supports hospitals and clinics by processing diagnostic tests, including blood work and tissue analysis, which are needed for timely treatment decisions.
Why did hospitals rely on O-negative blood during the attack?
Due to the attack, standard blood matching processes were unavailable. O-negative blood, which can be safely given to most patients, was used as an emergency substitute.
What is Qilin, and how do ransomware groups like it operate?
Qilin is a known cybercriminal group that deploys ransomware to lock or steal data, then demand payment. If unpaid, they often leak sensitive information online.
What should patients do if they’re concerned their data was compromised?
Patients can contact Synnovis or their NHS provider. Formal notifications are expected to be issued once the review of stolen data is complete.
Has the NHS changed its policies in response to this incident?
While specific policy changes have not been detailed, the incident has increased scrutiny around third-party cybersecurity and disaster recovery planning across the NHS.
Farah Amod
