Header image

Synnovis Confirms Published Data is Legitimate

Some possible fragments of patient-identifiable data could be among published data.

Synnovis has confirmed that data published last week is legitimate. 

After attackers were reported to have published around 400GB of patient names, dates of birth, NHS numbers and descriptions of blood tests last week, Synnovis - who was the initial victim of the attack - has confirmed that the data was stolen from Synnovis’ systems.

In a statement, the company said  it is too soon to be able to confirm the exact nature of the information and the organisations and individuals it relates to. However from a limited and initial review conducted over the weekend, it determined:


• There was no evidence that the Laboratory Information Management Systems (the software that supports laboratory operations) databases had been posted. These are the main systems holding the patient test requests and results. 

• The administrative working drive has been posted in partial and fragmented form. This will contain some fragments of patient identifiable data. 

• The area where we store payroll information has not been published, but more needs to be done to review other data that has been published relating to our employees. 

Current Priority

The company said understanding the administrative working drive is the current priority. “We and the technical experts who are supporting us are working as fast as we can to try to be able to confirm more details and appreciate that waiting will potentially cause people some concern. We will keep our service users, employees and partners updated as the investigation progresses.”

Patients denied a blood test because of the cyber attack on the NHS may have to wait up to six months to have their sample taken.

According to media reports, delays are now so long that some patients have decided to pay to have their blood taken and analysed by a private clinic rather than remain on the NHS waiting list.

An ICO spokesperson said it is continuing to make enquiries into this matter, “we recognise the sensitivity of some of the information in question and the worry this may have caused” and urged anyone concerned about how their data has been handled to check the ICO website for advice and support, as well as visiting NHS England's website.


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

08
Aug
Webinar

How to Automate the Lifecycle of Joiners, Movers, and Leavers With No-Code Solutions

Streamlining the lifecycle of joiners, movers, and leavers using no-code automation

The process of onboarding new employees and quickly removing departing staff profiles can be both time-consuming and labour-intensive.
In this live webinar, we will look at how to streamline these processes to save time and resources, and providing a smooth experience for both admins and employees.

Key takeaways:
  • Understanding the importance of securing the joiners, movers and leavers process
  • Exploring successful attacks that occurred due to errors in managing these transitions
  • Discover which advanced controls can be utilized
image image image