A major cyber attack on a provider of medical equipment has affected two London hospitals and tens of thousands of patients.

According to media reports, pathology systems at King’s College Hospital NHS Foundation Trust, and Guy’s and St Thomas’ NHS Foundation Trust, as well as GP services across South London, were affected by a ransomware attack on a partner.

Ransomware Attack

A spokesperson for NHS England London region said in a statement that Synnovis, a provider of lab services, was the victim of the ransomware attack on Monday 3rd June.

“We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.,” a spokesperson said.

Synnovis is a partnership between Synlab UK & Ireland, Guy’s and St Thomas’ NHS FT and King’s College Hospital Foundation Trust, and is responsible for transforming hospital-based laboratory and diagnostic services into an integrated ‘hub and spoke’ pathology network for south east London.

A statement from Synnovis confirmed the ransomware attack, and said it is trying to understand “exactly what has happened” as a taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed.

”We are working closely with NHS Trust partners to minimise the impact on patients and other service users” it said.

“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised. We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.”

It went on to say that it does take cybersecurity very seriously, and has “invested heavily in ensuring our IT arrangements are as safe as they possibly can be” but “this is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.”

Be Prepared?

The attack has seen GPs cancel all non-emergency pathology appointments, while hospital staff have been told to request emergency blood samples only from patients who require transfusions.

Shobhit Gautam, staff solutions architect, EMEA at HackerOne, pointed out that this is the third time Synlab and Synnovis have been hit by a ransomware attack: following attacks in June 2023 and April 2024. 

In the June 2023 instance, the ransomware gang Clop breached the French branch and stole data, while earlier this year, Synlab’s Italian subsidiary was hit by a different ransomware group, Black Basta, gaining unauthorised access to approximately 1.5TB of data and publishing it when no ransom was paid.

Dan Lattimer, vice president of Semperis comments that it is imperative for hospitals to conduct day-to-day operations assuming breaches will occur.

“Overall, ransomware attacks cause disruptions and cast doubt, cut into profits and in some cases can be a matter of life and death,” he said. “Preparing now for inevitable disruptions will dramatically improve hospitals operational resiliency and better prepare them to turn away adversaries, leading the threat actors to softer targets downstream.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.