NHS England revealed today that multiple London hospitals impacted by last week’s Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments.

Formerly known as Viapath, Synnovis was established as GSTS Pathology in 2009 and switched to the Synnovis brand in October 2022. The organization was established as a partnership between SYNLAB UK & Ireland, Guy's and St Thomas' NHS Foundation Trust, and the King's College Hospital NHS Foundation Trust.

Ongoing service disruptions at Guy's and St Thomas' NHS Foundation Trust, King's College Hospital NHS Foundation Trust, and primary care providers across South East London result from Synnovis being locked out of its systems by a June 3 attack linked to the Qilin ransomware operation.

While memos issued by hospital officials revealed this "ongoing critical incident" has had a "major impact" on their procedures and operations (including blood transfusions and blood testing), the NHS said two days after the incident that emergency services like A&E, urgent care centers, and maternity departments are open as usual although some operations and procedures relying on pathology services had to be postponed.

However, on Friday, NHS London revealed the massive scale of the ransomware attack's impact on affected hospitals' operations, adding that it would likely take months until Synnovis fully restores its systems.

"The data for the first week after the attack (3-9 June) shows that, across the two most affected Trusts – King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust – more than 800 planned operations and 700 outpatient appointments needed to be rearranged," the NHS said.

"Synnovis is focused on the technical recovery of the system, with plans in place to begin restoring some functionality in its IT system in the weeks to come. Full technical restoration will take some time, however, and the need to re-book tests and appointments will mean some disruption from the cyber incident will continue to be felt over coming months."

NHS warns of blood reserve shortages

England's NHS Blood and Transplant (NHSBT) also issued a warning on Monday regarding a blood shortage at hospitals in London. They specifically need O-positive and O-negative blood donors to schedule appointments and help replenish the O-type blood reserves.

This blood is required for operations and procedures in cases where patients cannot afford to wait for alternative blood-matching procedures that may take several hours.

"We fully recognise the distress that any delays in care can cause for our patients and their families, and we are very sorry for this," said Professor Ian Abbs, Chief Executive of Guy's and St Thomas' NHS Foundation Trust, and Professor Clive Kay, Chief Executive of King's College Hospital NHS Foundation Trust in a joint statement.

"In the meantime, we would urge patients to attend for their appointments as planned unless they are contacted."

While the Qilin's dark web leak site went down days after the attack, it's now back online with the gang yet to claim the Synnovisbreach.

The Qilin ransomware operation emerged two years ago, in August 2022, under the "Agenda" name but quickly rebranded as Qilin.

Since then, the gang has been linked to or claimed many victims, with more than 130 companies added to its leak site since it surfaced. However, Qilin operators weren't very active until the end of 2023, when their attacks significantly increased.

They are known for carrying out double-extortion attacks, pressuring the targeted companies to meet their demands using data stolen before encrypting compromised systems. So far, BleepingComputer has seen Qilin ransom demands ranging from $25,000 to millions for higher-profile victims.

Related Articles:

Ransomware attack forces UMC Health System to divert some patients

BianLian ransomware claims attack on Boston Children's Health Physicians

U.S. govt agency CMS says data breach impacted 3.1 million people

Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware

INC Ransom threatens to leak 3TB of NHS Scotland stolen data