Over 800 surgeries canceled in London hospitals after ransomware attack

NHS England London revealed on Friday that more than 800 scheduled surgeries and 700 outpatient appointments had to be postponed following a ransomware cyber attack on London hospitals.

The outage came when cybercriminals attacked Synnovis, a pathology service provider that helps carry out blood tests, mainly in south-east London. Synnovis, formerly Viapath, is a company of Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and SYNLAB UK & Ireland.

The attack resulted in a “significant reduction in the number of tests that can be processed and reported to clinical teams,” NHS London revealed.

The two worst-affected trusts are King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, NHS England said in an update on Friday.

It is assumed that the Russian cybercriminal group Qilin is behind the cyber attack on Synnovis, which took place on Monday, June 3. The attack blocked the pathology provider’s access to its systems until Sunday, June 9.

Officials expect the disruption to be felt for some time and believe it will likely take months for Synnovis systems to be fully restored.

“Synnovis is focused on technical restoration of the system and has plans to begin restoring some functionality of its IT system in the coming weeks. However, full recovery will take time and the need to rebook tests and appointments will mean that there will still be some disruption caused by the cyber incident over the coming months,” the NHS added.

“The cyber attack has had a significant impact on our services and will likely continue to do so for some time. Despite the extraordinary efforts of our staff and support from partners across London, to continue caring for patients, we have had to postpone a number of surgeries and appointments, which we are committed to rescheduling as quickly as possible – Professor Ian Abbs, Chief Executive of Guy’s and St Thomas’ The NHS Foundation Trust and Professor Clive Kay, chief executive of King’s College Hospital NHS Foundation Trust, said in a joint statement.

“We fully recognize the distress that any delay in care may cause to our patients and their families and we are very sorry for this. In the meantime, we urge patients to attend their scheduled appointments as scheduled unless contacted.”

In response, NHS England London has identified the cyberattack as a regional incident and is working to cover affected services using neighboring providers and national partners.

These measures include ensuring that patients requiring time-sensitive care can receive it, including the opportunity to undergo surgery in other hospitals; increasing the number of tests that can be reported per day; diversion of blood tests from doctors’ offices; and working with NHS Blood and Transplant (NHSBT) to provide additional supplies of ‘universal’ blood types, where patients do not need to undergo pre-transfusion testing.

In addition, urgent and emergency local services are available as usual and patients are advised to use services in the usual way in the event of an emergency, by calling 999 or otherwise using NHS 111 via the NHS app, online or telephone .

University Hospitals St. George’s NHS Foundation Trust have also set up an incident response desk to help manage requests and share information more easily. This will enable the trust to continue to provide services to its own patients while supporting others.

In addition, NHS England London said it would publish unreviewed management information on a weekly basis to provide a clearer picture of the scale of this disruption.