Data from NHS cyberattack that canceled operations 'posted online by criminal group'

Sensitive data from a ransomware attack on an NHS provider is believed to have been posted online by a group of cybercriminals, according to NHS England.

Synnovis, which provides blood-based pathology services primarily in south-east London, was the victim of a cyberattack – believed to be carried out by the Russian group Qilin – on June 3.

Hundreds of operations and appointments are still canceled two weeks after the incident.

According to the BBC, the cybercriminal group shared almost 400GB of data – including patients’ names, dates of birth, NHS numbers and descriptions of blood tests – on its darknet site and Telegram channel. It is unclear whether test results are also included in the data.

NHS provider carrying out blood tests falls victim to cyberattack (Simon Dawson/PA) — NHS provider carrying out blood tests falls victim to cyber attack (Simon Dawson/PA) (PA Archives)

Spreadsheets containing financial arrangements between hospitals, GP services and Synnovis have also been published, the BBC reported.

More than 1,130 planned operations and 2,190 outpatient appointments have been postponed in London’s hospitals, with King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust hardest hit.

The independent previously revealed that thousands of blood samples were set to be destroyed as a result of the cyberattack, with GP practices in London only able to carry out 400 out of 10,000 tests per day.

NHS England has pledged to publish weekly data on the impact of the cyber attack, after admitting it would take months for hospitals to fully recover from its impact.

Among those who had their operations canceled was Russell Ashley-Smith, 81, who said The independent that he fears for his health after the postponement of a procedure which would have allowed him to save his life.

He is awaiting complex open-heart surgery at King’s College Hospital in Denmark Hill, without which he could have up to two years to live.

Guy's and St Thomas' hospitals are among those affected by the cyber attack (Georgie Gillard/PA) — Guy’s and St Thomas’ hospitals are among those affected by the cyber attack (Georgie Gillard/PA) (PA Archives)

In a statement on Friday morning, NHS England said: “NHS England has been informed that the cybercriminal group published data last night which they believe belongs to Synnovis and was stolen as part of this attack.

“We understand that this may worry people and we continue to work with Synnovis, the National Cyber Security Center and other partners to determine the contents of the released files as quickly as possible.

“This includes whether it is data taken from the Synnovis system and, if so, whether it relates to NHS patients.

“As more information becomes available from the full Synnovis investigation, the NHS will continue to inform patients and the public.”

Synnovis, in a statement released Friday, said: “We know how worrying this development can be for many people. We take this very seriously and an analysis of this data is already underway.

Between June 10 and 16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

The number of reorganized planned operations was 494 lower than in the first week after the attack, but the number of missed outpatient appointments increased by 394.

Receive the free Morning Headlines email for news from our journalists around the world.

Sign up for our free Morning Headlines email