News

Synnovis cyber attack – statement from NHS England

On 3 June, Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, primarily in South East London, was the victim of a cyber attack.

NHS England has been made aware that a cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.

The National Crime Agency and National Cyber Security Centre are working to verify the data included in the published files as quickly as possible.

We understand that people may be concerned by this and as more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public on the NHS Digital website.

A helpline has been set up and is available to answer questions. As we have further information about whether data has been leaked, and which data that is, the information will be posted on the NHS Digital website first.

Patients should continue to attend scheduled appointments and access urgent care as normal.

Questions and answers

What has happened?

Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations mostly in south-east London, has suffered a ransomware attack.

The perpetrators of the criminal attack have now claimed they have published some stolen internal data – but the National Crime Agency have not yet been able to verify this.

What does this mean for the NHS?

The attack has meant the NHS cannot use some of its systems essential to run blood tests in south-east London.

Blood tests are vital for a wide range of treatments, meaning this criminal attack has caused significant disruption in south-east London across a range of different treatments. While this has resulted in the postponement of appointments and operations affected by the attack, it’s important that patients continue to attend their appointments unless they have been asked not to.

All urgent and emergency services such as A&E, urgent care centres and maternity departments remain open as usual (although there may be some delays if people require blood tests).

Has data been stolen?

The National Crime Agency and National Cyber Security Centre are working to verify the data included in the files published by the criminals. These files are not simple uploads and so investigations of this nature are highly complex and can take weeks if not longer to complete. As more information becomes available, the NHS will continue to update NHS patients through the NHS website here

Am I at risk of getting scammed?

We haven’t yet been able to verify what has been stolen or the claims made by the cyber criminals. You should always be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial data.

If you are contacted by someone who claims they have your data please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or 0300 123 2040.

Send suspicious emails to report@phishing.gov.uk or texts to 7726

The National Cyber Security Centre (NCSC) has further guidance for individuals and families on data breaches.

If I get an email from an NHS address, how do I know it’s legitimate?

There is no suggestion the criminals have gained access to the NHS email system. However, we would remind you that you will not receive unexpected contact from the NHS asking for personal or financial information.

If you receive an unexpected or suspicious email or a communication by other means that claims to come from the NHS, you should double-check it’s legitimate by contacting the organisation or department directly.

Don’t use an address or phone number from the message itself – use the details from the official organisation’s website, for example the NHS Trust or GP practice where you’ve been receiving care.

I’ve been contacted by someone who claims to have my data – what should I do?

Please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or 0300 123 2040

I have received a suspicious email / SMS what should I do?

Send suspicious emails to report@phishing.gov.uk or texts to 7726

When will we know more?

Criminal data breaches are complex and can take time to investigate.  We are working alongside Synnovis and law enforcement agencies who are continuing their investigations.  When we are able to release more information about the attack, we will do so through the NHS Digital website.

How will I know if my data has been accessed?

The investigation into what data has been stolen and released is ongoing. At this stage we aware of reports that stolen data has been released – but specialist cyber and crime agencies have not been able to verify this. We will update the NHS Digital website if individuals’ data has been stolen and released.

I am worried about this what should I do?

This website contains the most up to date information about the cyber incident and will be regularly updated. If you need to speak to someone about your questions, please call our incident helpline on 0345 8778967.

You should continue to use the NHS as normal if you are worried about your health, but please do not contact your local hospital or GP practice to ask whether your data has been impacted by this attack as they do not hold this information.

Will my appointment be cancelled?

If you have not heard from your healthcare provider, please attend appointments as normal as services including outpatients and community services are mostly running as usual, including cervical screening.

All urgent and emergency services such as A&E, urgent care centres, maternity department remain open as usual (although there may be some delays if people require blood tests).

How is the cyber-attack impacting on NHS services?

Blood tests are vital for a wide range of treatments, meaning this criminal attack has caused significant disruption in south east London across a range of different treatments. While this has resulted in the cancellation of appointments and operations affected by the attack, it’s important any patients who have not been contacted about this do continue to attend their appointments.

Will patient test results be lost?

Unprocessed samples were made safe by Synnovis and stored in their labs. However, due to the time that has now lapsed, some of these samples are no longer suitable for analysis and will need to be discarded.

Synnovis is working with the NHS Trusts and GP practices to determine which samples are affected and the process for informing patients.

We understand the distress this will cause patients who have to re-test. Synnovis have also put additional resources in place to ensure that urgent samples received from GP practices or hospitals can still be processed within appropriate timeframes.

Synnovis still have a copy of the data encrypted in the incident, and so historic test results will be available to clinicians once the IT systems are restored.

How long do you expect services to be affected by the cyber-attack?

Synnovis is focused on the technical recovery of the system, with plans in place to begin restoring some functionality in its IT system in the weeks to come.

Full technical restoration will take some time, and the need to re-book tests and appointments will mean some disruption from the cyber incident will be felt over coming months.

We are very aware of the disruption caused to patients and staff are working hard to ensure patients have all the information they need. Patients will be kept informed about any changes to their treatment by the NHS organisation caring for them. This will be through the usual contact routes including texts, phone and letters.