Cyber Incident Victim: Synnovis

On June 3, 2024, Synnovis—a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, and SYNLAB—experienced a ransomware cyberattack that disrupted all its IT systems. The attack caused immediate interruptions to pathology services, forcing the organization to prioritize urgent work while canceling or redirecting other patient activity. Synnovis CEO Mark Dollar confirmed the incident in a public statement, acknowledging the attack’s impact but emphasizing that the full scope was still under investigation. A joint taskforce comprising Synnovis and NHS IT experts was mobilized to assess the damage and implement corrective measures. The incident affected patients across NHS services at the two partner hospitals and GP services in the London boroughs of Bexley, Greenwich, Lewisham, Bromley, Southwark, and Lambeth. Synnovis apologized for the disruption and distress caused to patients and service users, noting efforts to maintain communication with NHS partners to mitigate further consequences.

The organization reported the attack to law enforcement, the Information Commissioner’s Office, and the UK’s National Cyber Security Centre, collaborating with the latter’s Cyber Operations Team. Synnovis highlighted its prior investments in cybersecurity infrastructure but acknowledged the attack as a reminder of the indiscriminate nature of ransomware threats. No specifics about the attackers’ identity, ransom demands, or data compromise were disclosed. Media inquiries were directed to a dedicated crisis communications team, though Synnovis declined to address individual queries during the initial response phase. Pathology services remained partially disrupted, with no timeline provided for full restoration. The incident underscored the operational vulnerabilities of critical healthcare infrastructure to cyber threats, particularly within partnerships bridging NHS trusts and private diagnostic providers.