The ransomware attack that crippled Synnovis, a key pathology provider for southeast London’s NHS Trusts, continues to disrupt critical services nearly a month after the initial attack. While some progress has been made, the slow recovery highlights the fragility of healthcare infrastructure and the potential for wider patient data breaches.
Technical Hurdles Plague Restoration Efforts
The attack that took place on June 3 knocked out most of Synnovis’ IT systems, impacting everything from lab analysis equipment to results transmission. With electronic workflows crippled, the lab reverted to manual processes, significantly hindering processing capacity and turnaround times.
The daily blood sampling count in major London hospitals plunged from 10,000 to merely 400 per day after the cyberattack. The biggest challenge that Synnovis is facing is that all its automated end-to-end laboratory processes are offline, since all IT systems have been locked down in response to the ransomware attack.
The ongoing recovery prioritizes critical systems first. New middleware deployed at partner hospitals aims to streamline result reporting, but full restoration remains a distant prospect. Synnovis is collaborating its parent company, SYNLAB, and NHS to ensure a secure and phased recovery.
Mutual Aid Boosts Capacity, But Data Breach Looms Large
To address the backlog of critical tests, Synnovis implemented a “Mutual Aid” program across southeast London boroughs, leveraging partner labs within the NHS network. Additionally, SYNLAB is diverting resources from its wider UK and international network to bolster processing capacity.
However, a more concerning development emerged on June 20. A Russian ransomware group called Qilin claimed responsibility for the attack and leaked data online. Synnovis later confirmed the published data was stolen from its administrative drives.
“This drive held information which supported our corporate and business support activities. Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees.” – Synnovis
While a full analysis is ongoing, initial findings suggest the data may contain patient information like full names, NHS numbers, and test codes.
Uncertainties for Synnovis Remain as Investigation Continues
The stolen data appears partial and in a complex format, making analysis and identification of impacted individuals challenging. Synnovis, with assistance from the NCSC and NHS cybersecurity specialists, is investigating the attack’s scope and potential data breach. Law enforcement and the Information Commissioner are also kept informed.
Mark Dollar, CEO of Synnovis, acknowledged the disruption and expressed regret for the inconvenience caused.
“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.” – Mark Dollar, CEO of Synnovis
However, the timeline for full system restoration and the extent of the potential data breach remain unclear.
The Synnovis attack highlights a broader trend within healthcare IT systems and the potential consequences of third-party cyberattacks. SYNLAB, the parent company of Synnovis, has been targeted by cybercriminals multiple times in the last year. Similar attacks hit their subsidiaries in Italy in April 2024 and a year earlier in France. These incidents underline a concerning rise in third-party vulnerabilities within the healthcare industry.
As Synnovis grapples with recovery, the cybersecurity community awaits further details on the data breach and its potential impact on patients.
