A patient’s death has been officially linked to the June 2024 ransomware attack on Synnovis, a critical pathology services provider for several major NHS hospitals in London. King’s College Hospital NHS Foundation Trust confirmed that a patient safety investigation identified a long wait for a blood test result, a direct consequence of the cyberattack, as a contributing factor in the patient’s death. The attack is allegedly the work of the Russian-speaking ransomware syndicate Qilin, which crippled essential diagnostic services, including blood testing, across multiple London hospital trusts.
The disruption created a systemic crisis, forcing the cancellation of over 10,000 outpatient appointments and more than 1,700 elective procedures at just two of the affected trusts. The inability to conduct normal blood matching led to a reliance on universal O-type blood, triggering a national shortage and urgent appeals for donors. This incident marks a grim milestone, representing the first time a UK health authority has formally acknowledged a direct link between a cyberattack’s operational impact and a patient fatality, moving the threat from theoretical to tragically real.
In addition to the clinical paralysis, the Qilin group allegedly exfiltrated nearly 400GB of sensitive data after Synnovis refused to pay a reported $50 million ransom. The attackers subsequently published the stolen information on the darknet, exposing highly personal medical and financial records. The leaked data allegedly included:
- Patient names, dates of birth, and NHS numbers
- Descriptions of blood tests and sensitive pathology results
- Internal financial spreadsheets detailing hospital transactions
The attack has exposed the profound vulnerability of the healthcare sector’s reliance on third-party suppliers and has ignited urgent calls for reform. In response, NHS England has urged all vendors to adopt a new cybersecurity charter promoting fundamental security controls such as multi-factor authentication and consistent system patching. The event serves as a harrowing confirmation of what experts have long warned: cyberattacks on critical infrastructure are no longer just a matter of data and finance, but of life and death.
