by A major London hospital has declared a critical incident after a cyber attack forced operations to be canceled and patients diverted elsewhere for care.
NHS officials said they were working with the National Cyber Security Center following the attack on Synnovis, which provides pathology services to major hospitals and GP surgeries in the capital.
The company said the ransomware attack affected all of its IT systems, which affected its pathology services.
A number of procedures and operations have been canceled or diverted to other NHS providers as hospital leaders continue to work out what work can be done safely.
Health service chiefs said services at King’s College, Guy’s and St Thomas’ Hospital in south-east London had been “significantly affected”.
A memo to staff said the “critical incident” had a “major impact” on the provision of services, with blood transfusions particularly affected.
Patients have described last-minute cancellations of operations and blood tests.
Oliver Dowson, aged 70, was prepared for an operation from 6am on June 3 at Royal Brompton when a surgeon told him at around 12.30pm that he would not go ahead.
He told the PA news agency: “Staff on the ward didn’t seem to be aware of what had happened, but many patients were being told to go home and wait for a new date.
“I’ve been given a date for next Tuesday and I’m crossing my fingers – it’s not the first time they’ve canceled it, they did it on May 28, but it’s probably short staffing in half term week .”
Vanessa Welham, from Streatham in south-west London, said her husband’s blood test at Gracefield Gardens health center was canceled on Monday evening and she was told local centers were not taking bookings for an “indefinite period of time”.
She told PA: “My husband got a text message last night saying that his appointment this morning had been canceled due to circumstances beyond their control, and that every major hospital in south London – King’s, St Thomas’, Guys, Evalina and Gracefield Gardens – able to take any bookings for an indefinite period of time.
“He went to the Swift website and made a new appointment – the earliest available was June 17th, but that’s probably doubtful.”
A spokesperson for NHS England London region said: “On Monday 3 June Synnovis, a provider of laboratory services, suffered a ransomware cyber attack.
“This has a significant impact on the provision of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in south east London, and we apologize for the inconvenience this is causing to patients and their families.
“Emergency care is still available, so patients should access services in the normal way by calling 999 in an emergency and using 111 otherwise, and patients should continue to attend appointments unless otherwise notified.
“We will continue to provide local patients and the public with updates on the impact on services and how they can continue to receive the care they need.
“We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Center and our cyber operations team.”
Synnovis chief executive Mark Dollar confirmed the company was the victim of a ransomware cyber-attack, adding: “This affected all of Synnovis’ IT systems, which in turn affected many of our pathology services.
“It is still early days and we are trying to understand exactly what has happened. A task force of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action required.
“Unfortunately, this is affecting patients, with some activity already being canceled or diverted to other providers as urgent work is prioritized.
“We are very sorry for the inconvenience and upset this is causing patients, service users and anyone else affected. We are doing our best to minimize the impact and will stay in touch with local NHS services to keep people informed of developments.
“We take cyber security very seriously at Synnovis and have invested heavily in making sure our IT arrangements are as secure as they can be. This is a stark reminder that this kind of attack can happen to anyone at any time and, dishearteningly, the people behind it have no scruples about the people their actions may affect.
“The incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Center and the Cyber Operations Team.”
Senior health services sources told the Health Service Journal (HSJ), it could take “weeks, not days” to access pathology results.
Synnovis was formed from a partnership between SynLab UK and Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.
In 2021, it was announced that SynLab would partner with the NHS to provide pathology services at hospitals and GP services across south-east London.
As well as serving King’s and Guys’ and St Thomas’, the pathology service also serves South London and Maudsley and Oxleas NHS Foundation Trusts and a number of GP practices, clinics and other community services across the boroughs of Southwark, Lambeth, Bromley, Bexley, Greenwich and Lewisham.
Pathology services help diagnose and treat illnesses and infections by analyzing samples including blood and tissues.
Commenting on the attack, cyber security expert Steve Sands, from BCS – the Chartered Institute of IT, said: “This incident reminds us that the threat of ransomware is a constant threat to critical institutions from schools to hospitals.
“Of course, the perpetrators have no conscience, and will attack any organization whose cyber defenses are not strong enough.
“We need to ensure that all public sector organizations have contingency plans in place to manage cyber attacks, that staff are regularly trained on risk and that sufficient investment is made in software resilience.
“Whoever is in the next government must ensure that the NHS has this resource and that it is spent properly, to ensure that lives are not put at risk.”
Professor Awais Rashid, head of the Bristol Cyber Security Group at the University of Bristol, said: “Digital infrastructures on which critical services, such as those provided by the NHS, depend are often a complex mix of many different systems and third party services. suppliers. Therefore, cyber-attacks can have a large and significant cascading impact as we are seeing in this emerging situation where critical health services are affected.
“There are many complex technology intersections and software and service supply chains. Attackers are increasingly targeting these features leading to far-reaching disruptions to key societal functions.
“We need ways to ensure that critical services such as healthcare continue to operate safely and reliably even when parts of the infrastructure are under attack or threat.”
A Government spokesman said: “Patient safety is our priority and the Department of Health and Social Care, NHS England and the National Cyber Security Center are working together to investigate the impact of a cyber incident affecting a pathology provider.
“Support is being provided to the company and we are working with them to minimize the impact on services for a number of NHS organizations in south east London.
