Synnovis cyber incident
Update – 24 June 2024, 5pm
NHS England continues to work with Synnovis and the National Crime Agency to respond to the criminal ransomware attack on Synnovis systems.
Synnovis has now confirmed through an initial analysis that the data published by a cyber crime group has been stolen from some of their systems.
We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.
At present, Synnovis has confirmed there is no evidence the cyber criminals have published a copy of the database (Laboratory Information Management System) where patient test requests and results are stored, although their investigations are ongoing.
As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates here and a helpline has been set up to support people impacted.
Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.
Local health systems will continue to work together to manage the impact on patients with additional resources put in to ensure urgent blood samples can still be processed, while laboratories are now able to see historic patient records.
Patients should continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would.
Update – 21 June 2024, 4pm
On 3 June, Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, primarily in South East London, was the victim of a cyber attack.
NHS England has been made aware that a cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.
The National Crime Agency and National Cyber Security Centre are working to verify the data included in the published files as quickly as possible.
We understand that people may be concerned by this and as more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public on this webpage.
A helpline has been set up and is available to answer questions. As we have further information about whether data has been leaked, and which data that is, the information will be posted here first.
Patients should continue to attend scheduled appointments and access urgent care as normal.
Update – 21 June 2024, 9am
On 3 June, Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, primarily in South East London, was the victim of a cyber attack.
NHS England has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.
We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible. This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
As more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public.
The attack is being investigated by law enforcement agencies.
View all the incident updates: NHS England » News