Pavilion Health Today
Supporting healthcare professionals to deliver the best patient care

NHS England confirms patient data was stolen in cyber attack

NHS England has confirmed that patient data has been stolen from systems managed by Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations.

NHS England has confirmed that patient data has been stolen from systems managed by Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations.

The cyber-criminal group Qilin has admitted to stealing the data, and the BBC has reportedly seen a sample of the stolen data including patient names, dates of birth, NHS numbers and description of blood tests. However, Synnovis says it has seen “no evidence” that this data has been published online.

NHS England is now working with the National Crime Agency to respond to the attack, and advises concerned patients to contact the helpline which can offer support if needed.

Thousands of hospital appointments cancelled as a result of cyber attack

King’s College Hospital and Guy’s and St Thomas’ in London are among the hospitals affected by the cyber attack, alongside some GP services.

According to the BBC, more than 3,000 hospital and GP appointments were disrupted by the attack, causing huge delays across services. Medical students were urged to volunteer for 10 or 12 hour shifts to help hand deliver blood tests to patients.

The affected hospitals are now working hard to manage the impact on patients, with local health systems providing additional resources to ensure urgent blood samples can still be processed.

NHS England advises all patients to continue to attend their appointments and urgent care services unless they have been told otherwise.

Synnovis says there is ‘no evidence’ that patient data has been published online

Synnovis says a team of technical experts are currently analysing the published data to see what information it contains. While it is too soon to be able to confirm its exact nature, Synnovis has confirmed limited, initial findings, including:

  • There is no evidence that the Laboratory Information Management Systems (the software that supports laboratory operations) databases had been posted. These are the main systems holding the patient test requests and results.
  • Synnovis’ administrative working drive has been posted in partial and fragmented form, and this contains some fragments of patient identifiable data.
  • The area in which Synnovis stores payroll information has not been published.

Synnovis says understanding what type of information has been published from the administrative working drive is their ‘current priority’, as is reviewing other data that has been published relating to their employees.

In a statement, the pathology laboratory said: “We and the technical experts who are supporting us are working as fast as we can to try to be able to confirm more details and appreciate that waiting will potentially cause people some concern. We will keep our service users, employees and partners updated as the investigation progresses.”

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read more ...

Privacy & Cookies Policy