A affected person demise has been linked to the cyber assault on NHS pathology system supplier Synnovis, King’s Faculty Hospital NHS Basis has confirmed.
The ransomware assault on 4 June 2024 induced widespread disruption to NHS companies in London, with 10,152 acute outpatient appointments and 1,710 elective procedures postponed at King’s Faculty Hospital NHS Basis Belief and Man’s and St Thomas’ NHS Basis Belief, and delays to blood testing in major care.
A spokesperson for King’s Faculty Hospital informed Digital Well being Information that one affected person died unexpectedly throughout the cyber assault.
“As is commonplace apply when this occurs, we undertook an in depth evaluation of their care.
“The affected person security incident investigation recognized various contributing elements that led to the affected person’s demise.
“This included an extended await a blood take a look at outcome because of the cyber assault impacting pathology companies on the time.
“We now have met with the affected person’s household and shared the findings of the protection investigation with them,” the spokesperson mentioned.
They added that the date of the demise or individual’s age can’t be confirmed as a consequence of confidentiality.
Responding to the information, Mark Greenback, chief government at Synnovis, mentioned: “We’re deeply saddened to listen to that final 12 months’s felony cyber assault has been recognized as one of many contributing elements that led to this affected person’s demise.
“Our hearts exit to the household concerned.”
Preliminary figures launched by NHS South East London Built-in Care Board in November 2024, recorded 5 instances of average hurt and 114 instances of low hurt because of the assault, however didn’t report any instances of great hurt.
Nevertheless, in January 2025 NHS knowledge obtained by Bloomberg Information revealed that healthcare professionals throughout a minimum of 4 London boroughs recorded two instances of extreme hurt, 11 instances of average hurt, and greater than 120 instances of low hurt as a direct consequence of the cyber assault.
Dr Saif Abed, founding associate and director of cybersecurity advisory companies at The AbedGraham Group, informed Digital Well being Information: “This tragedy, sadly, won’t be distinctive and will probably be repeated once more, doubtless at scale, in future until political management re-prioritises the problem.
“I ask the well being secretary to fee an impartial, clinically centered evaluation into NHS cybersecurity and affected person security.
“Likewise I ask the Well being Choose Committee to begin with an inquiry as a matter of urgency given the damaged nature of the NHS’s digital provide chain.”
Digital Well being Information reported that the cyber assault on Synnovis may have been prevented by two-factor authentication.
In the meantime, suppliers to the NHS have been urged by NHS England and the Division of Well being and Social Care to signal a constitution of cyber safety greatest apply.
The constitution, printed on 15 Might 2025, requests suppliers to take steps which embody sustaining assist for methods, making use of patches to identified vulnerabilities, making use of multi-factor authentication to networks and methods, and conserving “immutable backups” of crucial enterprise knowledge.
In April 2025, the federal government printed its plans for the Cyber Safety and Resilience Invoice, which is meant to forestall assaults much like the Synnovis assault.
