A ransomware attack on NHS blood services in London last year has been linked to the death of a patient, BBC reported.
The cyberattack, which took place on 3 June 2024, disrupted pathology services and led to over 10,000 cancelled appointments across hospitals and GP surgeries in south-east London. The trust confirmed that one patient “died unexpectedly” and that a delay in receiving blood test results caused by the attack was among several contributing factors.
“We have met with the patient’s family and shared the findings of the safety investigation,” a spokesperson said. “The investigation identified a number of contributing factors, including a long wait for a blood test result due to the cyberattack.”
The attack targeted Synnovis, a lab services agency supporting NHS trusts and GPs, and resulted in the theft of patient data.
The Health Service Journal reported that nearly 600 care-related incidents were tied to the breach, with 170 affecting patient care. Among those, one case was classified as causing “severe” harm, and 14 as “moderate” harm.
The Qilin ransomware gang, a Russian-speaking cybercriminal group, has claimed responsibility for the hack. Known for targeting healthcare and public sector organizations globally, Qilin reportedly exfiltrated 350GB of data from Synnovis. The group has also been linked to attacks on the Houston Symphony and the health ministry of Palau.
The US Department of Health and Human Services estimates that Qilin-related cyberattacks have caused up to $40 million in damages globally, particularly within the healthcare sector.
