London hospitals in disarray as cyberattack cripples testing services

Poses serious challenge to urgent and emergency care

Six hospitals have been affected by the attack, including St Thomas' near Westminster

Image:
Six hospitals have been affected by the attack, including St Thomas' near Westminster

London's healthcare system is in crisis after a major cyberattack crippled a key pathology provider, forcing two NHS trusts to cancel all non-emergency operations and blood tests.

The attack, believed to be ransomware, targeted Synnovis, a private company responsible for blood tests, swabs, bowel tests and other crucial services for hospitals across six London boroughs.

Synnovis is a partnership between European firm Synlab, Guy's and St Thomas' Foundation Trust (GSTT) and King's College Trust.

Synnovis's IT system was locked by the attack, preventing hospitals from accessing the blood test results needed for diagnoses and treatment decisions.

The incident impacted several hospitals, including Guy's, St Thomas', King's College, the Evelina children's hospital, Royal Brompton and Harefield specialist hospitals, and the Princess Royal hospital in Kent.

Emergency departments and outpatient appointments remain operational, but elective surgeries have been either cancelled or moved to other hospitals.

Hospitals have been instructed to request emergency blood samples only for patients requiring transfusions.

Transplants have also been affected due to the inability to cross-check blood types. GPs have been forced to cancel all non-urgent blood test appointments, delaying both diagnosis and treatment for potentially tens of thousands of patients.

Vanessa Welham from Streatham told the BBC that her husband's blood test at Gracefield Gardens health centre was cancelled on Monday evening.

"My husband received a text message last night advising his appointment this morning had been cancelled due to circumstances beyond their control, and that all major south London hospitals are unable to take any bookings for an indefinite period of time.

"He went on to the Swift website and made a new appointment - the earliest available was 17th June, but that's probably questionable."

Professor Ian Abbs, CEO of Guy's and St Thomas', apologised for the disruption in a letter to staff, acknowledging the frustration and inconvenience this causes for patients and staff alike.

The NHS has activated "mutual aid" procedures, where unaffected hospitals step in to handle some of the affected hospitals' workload.

No swift resolution

NHS insiders warn the situation could take "weeks or months" to resolve, raising concerns about the long-term impact on patient care.

The government has assured the public that patient safety remains their top priority, and support is being provided to affected organisations.

NHS England's London region stated that emergency care is still available, urging patients to access these services as needed.

Law enforcement, the National Crime Agency and the Information Commissioner's Office are all involved in the investigation.

Synnovis itself is working with the NCSC and the NHS's Cyber Operations team to resolve the attack.

The company claims to have invested heavily in cybersecurity, though the incident raises questions about their preparedness. A spokesperson acknowledged the attack as a "harsh reminder" and pledged to cooperate with authorities while working to minimise disruption.

"Sprawling ecosystem" of partners creates wide attack surface

Cyber professionals have been quick to comment.

Rick Jones, CEO of managed security provider DigitalXRAID, described the disruption as "deeply concerning".

"Healthcare organisations, faced with time and resource constraints, often outsource services such as HR, payroll, and cleaning services. On top of this, hospitals are connected to countless third-party pharmaceutical suppliers, academic institutions, and software vendors. This creates a sprawling ecosystem of partners, each representing a potential entry point for an attack," he said.

"With supply chains continually targeted by cybercriminals, it has never been more important for organisations to assess the cybersecurity maturity of third-party suppliers during the tendering process and adopt proactive solutions to bolster their cyber resiliency."

Jake Moore, global cybersecurity advisor at ESET, said: "This latest disruption highlights the critical need for more effective and sturdy backup systems and solutions as well as having better security and education in place - especially if it has put lives at risk with cancelled operations. Investing in robust cybersecurity, regardless of the cost, is essential to protect against legacy and evolving cyber threats."

Trevor Dearing, director of critical infrastructure at Illumio, said the attack is "another example of why breach containment is paramount."

"The 'chaos factor', the act of causing mass societal upheaval, is now the driving force behind many cyberattacks, and healthcare is one of the few sectors where cyberattacks can fatally impact human life."

"The fact the attacker gained access to the network through a third-party IT supplier isn't a surprise. Cybercriminals will always go after the weakest link to gain access to more valuable systems."