Overview

A patient death has been confirmed as linked to the cyber attack on the NHS pathology system provider, Synnovis, according to King’s College Hospital NHS Foundation Trust.

Details of the Incident

• The ransomware attack occurred on June 4, 2024.
• It resulted in significant disruptions to NHS services in London, including:
  • 10,152 acute outpatient appointments postponed
  • 1,710 elective procedures delayed
  • Blood testing delays in primary care

Investigation Findings

A spokesperson for King’s College Hospital stated that one patient died unexpectedly during the cyber attack. A thorough review of the patient’s care was conducted, revealing several contributing factors:

1. A prolonged wait for blood test results due to the cyber attack affecting pathology services.

The spokesperson noted that they have met with the patient’s family to discuss the findings, but confidentiality prevents them from disclosing the date of death or the patient’s age.

Reactions from Officials

Mark Dollar, CEO of Synnovis, expressed deep sadness over the incident, stating, “Our hearts go out to the family involved.”

Impact Assessment

Initial reports from NHS South East London Integrated Care Board indicated:

• Five cases of moderate harm and 114 cases of low harm were recorded.

However, further data obtained in January 2025 revealed:

• Two cases of severe harm, 11 cases of moderate harm, and over 120 cases of low harm directly linked to the cyber attack.

Call for Action

Dr. Saif Abed, a cybersecurity expert, emphasized the need for urgent political action to address cybersecurity in the NHS, urging the health secretary to initiate an independent review focused on patient safety.

Preventative Measures

Reports suggest that the cyber attack on Synnovis could have been mitigated through the implementation of two-factor authentication. In response, NHS England and the Department of Health and Social Care have urged suppliers to adhere to a charter of cybersecurity best practices, which includes:

• Maintaining system support
• Applying patches to known vulnerabilities
• Implementing multi-factor authentication
• Keeping “immutable backups” of critical data

Future Legislation

In April 2025, the government announced plans for the Cyber Security and Resilience Bill, aimed at preventing similar attacks in the future.

Sources

• NHS ransomware attack contributed to patient’s death
• NHS England » Synnovis cyber incident
• Patient’s death linked to cyber attack on NHS, hospital trust says
• NHS England confirm patient data stolen in cyber attack
• Patient death at London hospital linked to cyber attack on NHS