Key Takeaways

• Two patients experienced long-term or permanent harm due to a June 2024 cyber attack on NHS provider Synnovis.
• The attack led to over 10,000 outpatient appointments and nearly 1,700 elective procedures postponed across two major London hospitals.
• Synnovis anticipates total losses of £32.7 million from the incident and is investigating possible data leaks.

Cyber Attack Impact on NHS Patients

Recent reports have disclosed serious ramifications stemming from a ransomware attack on NHS pathology supplier Synnovis, which occurred on June 4, 2024. The attack significantly disrupted NHS operations in London, particularly affecting patient care.

According to the latest data acquired by Bloomberg News, at least two patients have endured severe harm, classified by NHS policies as long-term or permanent damage likely to affect their life expectancy. Additionally, there were 11 instances of moderate harm—where patients did not require immediate life-saving care but will need follow-up treatment—and over 120 cases of low harm, indicating mild health impacts.

Before this revelation, initial figures released by the NHS South East London Integrated Care Board in November 2024 had reported five moderate harm cases and 114 low harm cases. The updated numbers raise concerns about the actual extent of harm caused by the cyber incident.

Helen Hughes, CEO at Patient Safety Learning, emphasized the critical risks posed to patient safety by such cyberattacks. “These events not only disrupt care and treatment but can result in serious avoidable patient harm,” Hughes remarked. She urged healthcare providers to maintain vigilance regarding the potential risks to vulnerable patients due to delayed treatments and called for robust service recovery plans focused on patient safety.

Both Synnovis and the affiliated hospitals, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, declined to provide comments regarding the updated patient harm statistics.

Dr. Saif Abed, a cybersecurity expert, expressed his concerns, stating that these figures likely represent just a fraction of the true human cost of NHS cyber incidents. He called for immediate legislative action, asking Wes Streeting to initiate a public inquiry into NHS cybersecurity and patient safety to prevent future occurrences.

As further investigation unfolds, Synnovis has acknowledged potential losses estimated at £32.7 million due to the cyber attack, as indicated in its 2023 financial filings. The company is also probing whether personal patient data was leaked onto the dark web during the attack.

In a prior report, it was noted that the lapse may have been avoidable through the implementation of two-factor authentication measures. This highlights the essential cybersecurity protocols that could have mitigated the attack’s impact, underlining the pressing need for enhanced security measures across the NHS to safeguard patient information and health outcomes.

As the situation evolves, the NHS and relevant stakeholders must prioritize strengthening cybersecurity frameworks to protect vulnerable patients and minimize health risks associated with future cyber threats. The response to these incidents will be critical in restoring public confidence in the NHS’s ability to secure patient safety and data integrity.

The content above is a summary. For more details, see the source article.