London hospitals hackers publish stolen NHS blood test data on dark web

A general view of Guys and St Thomas’ Hospital in London (PA Wire)
A general view of Guys and St Thomas’ Hospital in London (PA Wire)

A hacker gang behind a cyberattack who targeted an NHS blood testing company which threw services at major London hospitals into disarray has published stolen data online.

Qilin, a cyber criminal group thought to be based in Russia, hacked firm Synnovis on June 3 in an extortion bid, significantly reducing the tests that can be carried out at both King’s College Hospital Trust and Guy’s and St Thomas’ Trust.

Overnight on Thursday, the group published almost 400GB of data reportedly stolen in the hack on the dark web.

The BBC reported it included patient names, NHS numbers and dates of birth. The leak is being probed by police.

It is not currently known if test results are included in the data, but the cache reportedly does include business accounts showing financial transactions between Synnovis and hospitals.

An NHS England spokesperson said it was “aware” that data claimed to have been stolen in the hack was published online on Thursday night.

“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,” said a spokesperson.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.”

So far, 1,134 operations and 2,194 outpatient appointments have been postponed at King’s College Hospital Trust and Guy’s and St Thomas’ Trust since June 3.

Of the postponed elective procedures, around 184 were postponed cancer treatments, according to NHS data.

The attack has also severely impacted GPs in south and south east London, who are unable to carry out routine blood tests.

In an update on Thursday, Dr Chris Streather, Medical Director for NHS London, said the hack was continuing to have a significant impact on services.

“Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London,” he said.

“Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible.”

Synnovis was formed from a partnership between SynLab UK and Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.

In 2021, it was announced that SynLab would partner with the NHS to deliver pathology services at hospitals and GP services across south-east London.