Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations mostly in south-east London, suffered a ransomware cyber attack on June 3.

The criminals behind the attack published data files on June 20. Synnovis confirmed on 24 June 2024, through an initial analysis, that the data published was stolen from some of their systems.

We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.

The attack has meant the NHS cannot use some of its systems essential to run blood tests in south-east London.

Blood tests are vital for a wide range of treatments, meaning this criminal attack has caused significant disruption in south-east London across a range of different treatments. While this has resulted in the postponement of appointments and operations affected by the attack, it’s important that any patients do continue to attend their appointments unless they have been asked not to.

All urgent and emergency services such as A&E, urgent care centres and maternity departments remain open as usual (although there may be some delays if people require blood tests).

Yes. Synnovis has confirmed that a cyber criminal group published data that was stolen from their systems.

We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.

The format in which the stolen data has been published represents a partial copy of the content from the administrative working drive.

The main database where patient test requests and results are stored is separate, and is called the Laboratory Information Management System. At present, Synnovis has confirmed there is no evidence the cyber criminals have published a copy of this database, although their investigations are ongoing.

You should always be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial data.

If you are contacted by someone who claims they have your data please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or call 0300 123 2040.

Send suspicious emails to report@phishing.gov.uk or texts to 7726.

The National Cyber Security Centre (NCSC) has further guidance for individuals and families on data breaches.

You will not receive unexpected contact from the NHS asking for personal or financial information.

If you receive an unexpected or suspicious email or a communication by other means that claims to come from the NHS, you should double-check it’s legitimate by contacting the organisation or department directly.

Don’t use an address or phone number from the message itself – use the details from the official organisation’s website, for example the NHS trust or GP practice where you’ve been receiving care.

Please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or call 0300 123 2040.

Send suspicious emails to report@phishing.gov.uk or texts to 7726.

We understand people will be concerned. Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.

As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates on the incident website which has answers to a number of frequently asked questions. The incident helpline can support people with additional questions that they might have.

Synnovis has advised NHS England that the stolen data published by the cyber criminal gang includes information originating from Synnovis’ administrative working drive. The information in this drive was created for the corporate and business support activities of Synnovis.

An initial analysis of the stolen data which was published found in some circumstances this information may contain personal data such as names, NHS numbers and test codes, although analysis is ongoing. The codes tell Synnovis the nature of the test that has been requested.

The format in which the stolen data has been published represents a partial copy of the content from the administrative working drive. This makes it complex to interpret and is why it will take some time to carry out full analysis to identify the full nature of the impacted data, organisations and individuals.

The investigation into what data has been stolen and released is ongoing.

Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before Synnovis is clear about which individuals have been impacted. As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates on the incident website.

This website contains the most up to date information about the cyber incident and will be regularly updated. If you need to speak to someone about your questions, please call our incident helpline on 0345 8778967.

You should continue to use the NHS as normal if you are worried about your health, but please do not contact your local hospital or GP practice to ask whether your data has been impacted by this attack as they do not hold this information.

If you have not heard from your healthcare provider, please attend appointments as normal as services including outpatients and community services are mostly running as usual, including cervical screening.

All urgent and emergency services such as A&E, urgent care centres, maternity department remain open as usual (although there may be some delays if people require blood tests).

Blood tests are vital for a wide range of treatments, meaning this criminal attack has caused significant disruption in south east London across a range of different treatments. While this has resulted in the cancellation of appointments and operations affected by the attack, it’s important any patients who have not been contacted about this do continue to attend their appointments.

Synnovis still have a copy of the data encrypted in the incident and so historic test results are already available to lab technicians, and will be available to all clinicians once the IT systems are fully restored. Restoration of the systems however may take a while.

Unprocessed samples were made safe by Synnovis and stored in their labs. However, due to the time that has now lapsed, some of these samples are no longer suitable for analysis and will need to be discarded.

Synnovis is working with the NHS Trusts and GP practices to determine which samples are affected and the process for informing patients.

We understand the distress this will cause patients who have to re-test. Synnovis have also put additional resources in place to ensure that urgent samples received from GP practices or hospitals can still be processed within appropriate timeframes.

Synnovis is focused on the technical recovery of the system, with plans in place to begin restoring some functionality in its IT system in the weeks to come.

Whilst the IT recovery plan is on track, full technical restoration will take some time, however, and the need to re-book tests and appointments will mean some disruption from the cyber incident will be felt over coming months.

We are very aware of the disruption caused to patients and staff are working hard to ensure patients have all the information they need. Patients will be kept informed about any changes to their treatment by the NHS organisation caring for them. This will be through the usual contact routes including texts, phone and letters