NHS data breach: Blood test provider’s sensitive information stolen online

June 21, 2024
1 min read

TLDR:

Sensitive data stolen from an NHS provider in a cyber attack has been published online by a criminal group, causing over 1,100 planned operations and 2,100 outpatient appointments to be postponed. The cyber criminal group shared patient information hacked from Synnovis, a blood test provider, including patient names, dates of birth, and descriptions of blood tests on their darknet site and Telegram channel.

More than 1,100 planned operations and 2,100 outpatient appointments have had to be postponed due to the data theft from Synnovis, a blood test provider for the NHS. The criminal group responsible for the cyber attack claims to have released patient information online, including names, dates of birth, NHS numbers, and descriptions of blood tests. Spreadsheets containing financial arrangements between hospitals and GP services and Synnovis were also published.

NHS England is working with Synnovis, the National Cyber Security Centre, and other partners to determine the content of the published files and whether it relates to NHS patients. A helpline for patients worried about their details being published is being set up. The data theft has resulted in over 1,100 planned operations and 2,100 outpatient appointments being postponed, but urgent and emergency services have remained available.

Since the cyber attack on Synnovis, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. The number of rearranged planned operations has gone down by 494, but a further 394 outpatient appointments have been missed. Synnovis is conducting an analysis of the data theft and taking the situation very seriously.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and