Thousands of procedures canceled at London hospitals as Qilin releases blood test data
The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats


NHS England has revealed that it's been forced to cancel thousands of elective procedures and outpatient appointments since the cyber attack on blood testing company Synnovis on 3 June.
Meanwhile, attacker Qilin, a Russian-speaking ransomware group, has published almost 400GB of sensitive data on Telegram and its own dark web site after failing to secure a payout from the firm. This includes patient names, dates of birth, NHS numbers and descriptions of blood tests.
At the two affected NHS Trusts, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, more than 1,294 outpatient appointments and 320 elective procedures have been postponed this week.
This brings the total to 1,134 elective procedures and 2,194 outpatient appointments since the original attack.
"Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber attack on Synnovis is continuing to have a significant impact on NHS services in South East London," said Dr Chris Streather, medical director for NHS London.
Qilin is believed to have demanded $50 million for the data, while claiming that its attack was politically motivated; it told the BBC the attack was in retaliation for the government's refusal to help in an unspecified war.
Conor Agnew, lead cyber security assessor at Closed Door Security, said while the attack may well have been conducted for political reasons, there is undoubtedly a financial motivation at play.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"Despite the actors stating the attack is politically motivated, it is most likely spurred by a desire to make money and financially benefit from the disruptions the incident is causing to patient care,” he said.
The latest leak, he added, is meant to ramp up the pressure on Synnovis to pay up, while demonstrating the highly sensitive data the Qilin now has in its possession.
Kevin Robertson, COO of Acumen Cyber, said questions still remain over how Synnovis will respond to the incident. Although authorities have been clear that negotiating with cyber crime groups is ill-advised, the frantic nature of ransomware attacks means some organizations succumb to pressure.
RELATED WHITEPAPER
"The UK government has made clear it will never negotiate with ransomware gangs, as they know this only fuels the industry. However, it’s not clear what approach a private organization like Synnovis will take. Clearly the organization is in a state of turmoil just now," he said.
"Other organizations must learn from this incident and work to harden their defenses against ransomware. These attacks are not going to go away, they are only going to increase, especially while Russia provides a safe haven for adversaries where they are celebrated for attacks, rather than penalized."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
NHS supplier hit with £3m fine for security failings that led to attack
News Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
By Emma Woollacott Published
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
By Nicole Kobie Published
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway service
News Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
By Solomon Klappholz Published
-
Major incident declared as Merseyside hospitals hit by cyber attack
News The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
By Emma Woollacott Published
-
Ransomware group threatens to publish 3TB of stolen NHS Scotland data after posting proof of attack
News NHS Dumfries and Galloway has confirmed some of the sensitive data stolen during the 15 March attack has been published by a known ransomware operator
By Solomon Klappholz Published
-
Attack on third-party software vendor disrupts NHS ambulance services
News The ambulance services serve more than 10 million people across the south of England
By Ross Kelly Published
-
NHS data leak raises ‘serious questions’ about Manchester University cyber attack
News NHS patient data used for research purposes is believed to have been compromised in the June attack
By Ross Kelly Published
-
Cyber attack on software supplier causes "major outage" across the NHS
News Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
By Connor Jones Published