News

Update on cyber incident: clinical impact in South East London – Friday 14 June 2024

On Monday 3 June, a ransomware cyber attack was perpetrated against Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, primarily in South East London.

The clinical impact of the attack has seen a significant reduction in the number of tests which can be processed and reported back to clinical teams.

In response, NHS England London declared a regional incident and has been coordinating work across affected services, as well as with neighbouring providers and national partners, in order to manage disruption.

This has included:

  • Coordinating mutual aid to ensure patients needing time-sensitive care can receive it, including having operations at other hospitals
  • Working with Synnovis and trusts to find ways to increase the number of tests that can be reported per day
  • Working with other pathology services to reroute blood tests from GP surgeries. This is currently in place for practices in Lambeth and Southwark, and will be rolled out to other boroughs as soon as possible
  • Working with NHS Blood and Transplant to provide extra stocks of ‘universal’ blood types

Urgent and emergency services in the local area are available as usual. Patients are advised to access services in the normal way by dialling 999 in an emergency, and otherwise using NHS 111 through the NHS App, online or on the phone.

Despite the best efforts of NHS staff and partners, it has not been possible to avoid disruption for some patients.

In the interests of the public having a clearer picture of the extent of this disruption, NHS England London will now publish unverified management information on a weekly basis.

The data for the first week after the attack (3-9 June) shows that, across the two most affected trusts – King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust – more than 800 planned operations and 700 outpatient appointments needed to be rearranged. The majority of planned activity has continued to go ahead, with some specialities impacted more than others.

Trusts are working hard to make sure any procedures are rearranged as quickly as possible, including by adding extra weekend clinics. Patients will be kept informed about any changes to their treatment by the NHS organisation caring for them. This will be through the usual contact routes including texts, phone and letters. Any patient with a planned appointment at these trusts, who has not been contacted, should attend their appointment as normal.

In order to maintain additional levels of ‘universal’ blood stocks in affected services, NHS Blood and Transplant have called out to O Positive and O Negative blood donors to urgently book appointments to donate in one of the 25 town and city centre NHS Blood Donor Centres in England over the next few weeks, to boost stocks of O type blood following the cyber incident, with people urged to Visit blood.co.uk or call 0300 123 23 23 to book an appointment.

Synnovis is focused on the technical recovery of the system, with plans in place to begin restoring some functionality in its IT system in the weeks to come. Full technical restoration will take some time, however, and the need to re-book tests and appointments will mean some disruption from the cyber incident will continue to be felt over coming months.

Dr Chris Streather, Medical Director for NHS London, said: “Today’s data shows that NHS teams are working flat out to see as many patients as possible – but there is no doubt the ransomware cyber-attack on Synnovis is having a significant impact on services in south east London, with hundreds of appointments and procedures being postponed.

“Having treatment postponed is distressing for patients and their families, and we apologise to all those who have been impacted, and staff will work hard to re-arrange appointments and treatments as quickly as possible.

“While staff are working round the clock to mitigate the impact and Synnovis is working to recover its IT system, we expect disruption to be felt for some time.

“Sites impacted are continuing to prioritise the most urgent care, so please use services in the normal way by dialling 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone.

“If you have not heard from your healthcare provider, please attend appointments as normal.”

Professor Ian Abbs, Chief Executive of Guy’s and St Thomas’ NHS Foundation Trust, and Professor Clive Kay, Chief Executive of King’s College Hospital NHS Foundation Trust, said: “The cyber-attack has had a significant impact on our services, and this is likely to remain the case for some time yet. Despite the superb efforts of our staff and support from partners across London to continue caring for patients, we have had to postpone a number of operations and appointments which we are working to reschedule as quickly as possible.

“We fully recognise the distress that any delays in care can cause for our patients and their families, and we are very sorry for this. In the meantime, we would urge patients to attend for their appointments as planned unless they are contacted.”

St George’s University Hospitals NHS Foundation Trust is one of the trusts closely involved and is creating capacity to treat some patients who would ordinarily be seen at King’s College Hospital or Guy’s and St Thomas’ NHS Foundation Trusts. St George’s has set up an incident response room to manage requests and share information more easily, while ensuring it can continue to provide services to its own patients while supporting others.

Jacqueline Totterdell, Group Chief Executive at St George’s, Epsom and St Helier Hospitals and Health Group, said: “This is where the NHS comes into its own and it’s only with the support of colleagues from other parts of the NHS who are supporting St George’s that we are able to step up and support others.

“We’ve seen some of the sickest and most complex patients at St George’s – following the cyber attack – including patients needing major life changing surgery. So my thanks to the many doctors, nurses and other colleagues who are working hard to care for additional patients so there are no further delays to their care.”

Andrew Bland Chief Executive of South East London Integrated Care Board said: “We are sorry for the impact this cyber attack is having on local residents and would like to offer assurances that we are doing everything we can to resolve things, and prioritising the most urgent and critical patients. I would like to thank everyone working across the south east London system to respond to this incident. Colleagues in primary care, mental health, acute and community trust providers are working together tirelessly to make sure we focus on keeping our most vulnerable patients safe.”

Background

NHS London impact update based on provisional data reported by trusts and organisations involved.

Please note all numbers quoted are drawn from unvalidated management information; these have been provided in the interests of transparency.

Updates will be provided on a weekly basis as the incident continues.

The next update will be Friday 21 June.

The update shows that for the week 3 – 9 June 2024.

Planned care (day case and inpatient treatments)

Across Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts there have been:

  1. 814 elective procedures postponed
  2. 97 of these were cancer treatments

There is no immediate significant impact on cancer reported metrics. It is too early to understand the impact on 62 day performance and or Faster Diagnosis Standard for the affected trusts.

Transplant impacts

Across Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts there have been:

  1. 18 organs diverted for use by other trusts
  2. The majority of diverted organs have been kidneys

Maternity

Across Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts:

  • 5 planned C-sections have been postponed/rescheduled

Outpatients

Across Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts there have been:

  1. 736 hospital outpatient appointments postponed
  2. 125 community outpatient appointments have been postponed

Urgent and emergency care

All unplanned services, including A&E services, are open as normal.

Optional blood borne virus (HIV, Hep C and Hep B) tests, which are offered to A&E patients as part of a trial, are currently suspended.

Blood tests

South East London pathology services have been provided at approximately 10% of normal capacity. Half of this capacity has been ringfenced to support patients in the acute trusts at Guy’s and St Thomas’ NHS Foundation Trust and Kings College Hospital NHS Foundation Trust.

Primary care

Primary care appointments are going ahead as normal, however blood tests are being prioritised for urgent cases.

Impact on services and tests has varied however GP referrals have been significantly impacted with only urgent referrals being accepted for Blood Sciences (haematology, biochemistry, immunology, virology).  Normal services are operating for histology (a diagnosis and study of the tissues which are used to diagnose infections, cancer and other diseases) and cervical smears.

Wider impact

Synnovis provides specialist tests for other hospitals in the country, however the material service impact remains in south east London. Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and South London and Maudsley NHS Foundation Trust remain in a critical incident, while Oxleas NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in South East London continue to be significantly impacted and involved in the incident response.

Impacts on data

Where there is a ransomware attack, there is always a risk that cyber criminals also access data. Alongside work on restoring services, investigations are continuing to establish any possible impact to data.

The National Cyber Security Centre (NCSC) publishes advice for the public on how to spot and protect against cyber crime at www.ncsc.gov.uk.