Ransomware attack forces London hospitals to cancel services

Ransomware attack forces London hospitals to cancel services

A number of hospitals in London were forced to cancel operations and divert emergency patients following a ransomware attack on a critical supplier.

The incident has impacted Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services across South East London, according to NHS England.

The disruption was a result of a ransomware attack on Synnovis, a third-party provider of essential pathology services, including blood tests, swabs, and bowel tests for the affected hospitals. Synnovis, in partnership with SYNLAB, is one of the largest pathology service providers in the UK, serving numerous NHS Foundation Trust facilities.

Synnovis CEO Mark Dollar confirmed that the attack had “affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.” Due to these interruptions, the delivery of timely test results and diagnostic services has been delayed, leading to the cancellation of numerous surgical operations, including all transplant surgeries, because of the unavailability of necessary blood transfusions.

“This has resulted in a major impact on the delivery of services, such as blood transfusions and test results,” Dollar said.

In response to the crisis, Guy’s and St Thomas’ and King’s College Hospital declared a critical incident. Staff at these hospitals have been instructed to prioritize urgent and emergency test results, local media reported.

The list of impacted hospitals includes King's College Hospital, Guy's Hospital, St Thomas' Hospital, Royal Brompton Hospital, and Evelina London Children's Hospital. Due to the inability to perform healthcare procedures safely, some surgeries and other medical procedures have been canceled or redirected to other providers.

It’s currently unclear, what ransomware operation is responsible for the hack.


Back to the list

Latest Posts

Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

The campaign could involve over 1,500 compromised systems.
2 April 2025
DPRK IT worker threat expands beyond the US, focuses on Europe

DPRK IT worker threat expands beyond the US, focuses on Europe

The schemes come with new tactics, including extortion campaigns and corporate virtualized infrastructure compromises.
2 April 2025
New PhaaS platform Lucid targets 169 entities across 88 countries using iMessage and RCS

New PhaaS platform Lucid targets 169 entities across 88 countries using iMessage and RCS

Lucid is capable of sending up to 100,000 smishing messages per day.
1 April 2025