Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News

More than 18 months after a ransomware attack disrupted care at hospitals in South East London, internal documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results. The delays mean results may not be available when clinicians need them, increasing the risk they are missed or acted on late.

The June 2024 attack on Synnovis impaired blood testing across South East London, forcing hospitals to cancel operations and delay treatment. It also affected blood supplies, leaving stocks in what officials described as a very fragile position and prompting warnings that only the most critical transfusions might be prioritized.

The attack by the Qilin ransomware group also involved the theft and publication of sensitive patient data. Reporting indicated that information relating to nearly one million NHS patients may have been exposed, including individuals with conditions such as cancer and sexually transmitted infections. Many patients were not notified until late 2025.

The Information Commissioner's Office declined to comment on the specifics of the Synnovis case and said its investigation into the incident is ongoing.

NHS England said 10,152 acute outpatient appointments and 1,710 elective procedures were postponed because of the attack, and that by the end of 2024 services had been restored. However, freedom of information responses from affected organizations indicate that at least one trust has not fully returned to normal. NHS England did not respond to a request for comment.

At South London and Maudsley NHS Foundation Trust (SLaM), pathology systems have not been restored as of publication, with the trust still operating in business continuity without electronic requesting or reporting and relying on paper processes and manual uploads.

The trust said staff had worked to maintain services using manual processes despite the disruption. It estimated the entering of 161,560 pathology reports into patient records had been delayed as of early January 2026.

Copies of emails said clinicians at SLaM were warned not to rely on the timely return of blood results. Critical results are being communicated by phone, while full reports are being delivered as paper or PDFs and manually uploaded into patient records.

The same documents state that since the attack no pathology reports for SLaM patients have been available in the London Care Record, a shared system used across NHS organizations in the capital, and that normal service had not resumed for the trust.

Professor Derek Tracy, the trust's chief medical officer, said the disruption "has been a challenge for staff and services, but through the efforts, in particular of our pathology team at SLaM, we have worked to mitigate risks as best we can."

The trust said these workaround processes carried risks including delays, transcription errors and the potential for patient misidentification. Its data recorded 122 patient safety incidents of incorrect, unavailable or delayed pathology results as of January 2026.

Other trusts reported different measures of impact, from more than 11,000 canceled appointments at Lewisham and Greenwich NHS Trust to no recorded harm at Guy's and St Thomas' NHS Foundation Trust. The figures are not directly comparable, reflecting differences in how the incident was recorded.

NHS South East London, the integrated care board responsible for coordinating services across the region, said most organizations affected by the attack were no longer experiencing ongoing disruption and that impacted IT infrastructure had been rebuilt. It said analysis of the incident is ongoing but did not set out the impact in detail.

The most serious reported outcome came at King's College Hospital NHS Foundation Trust, which recorded a patient death in which the cyberattack was considered a contributing factor, but said it was not possible to determine whether it directly affected the outcome.

Recorded Future News understands the death occurred in a complex clinical case. The trust said it was identified through an incident reporting field added after the cyberattack, and that a delay in receiving a blood test result was among the contributing factors.

Patient safety specialists say such classifications are typical in healthcare systems.

"Healthcare is a complex sociotechnical system with lots of human interactions alongside technology, and it's very difficult to unpick how those combine to produce an outcome," said Nick Woodier of the Health Services Safety Investigations Body (HSSIB), adding that safety science focuses on contribution rather than direct causation.

In its FOI response, SLaM said it had not been possible to quantify the impact of delays on diagnosis or treatment, despite recording incidents linked to missing or delayed results.

National data reflects that uncertainty. The Department of Health and Social Care recorded six cyber-related incidents across the NHS in 2024. Two were classified as posing potential clinical harm, defined as incidents where more than 50 patients were considered at risk. None were recorded as causing excess fatalities.

The HSSIB is currently investigating how healthcare organizations respond when electronic patient record systems lose functionality, including how prepared staff are to revert to manual processes and whether contingency plans are effective.

Research has also highlighted wider concerns about the resilience of NHS systems to disruption. A recent study by King's College London found that cyber incidents and other digital outages can have cascading effects on clinical care, particularly where services depend on integrated systems and real-time data access.

The paper described ransomware as the most significant current cyber threat to the NHS and warned that a single major technology failure could have serious consequences for patient safety. It cited the Synnovis incident as an example of the risks posed by supply-chain dependencies and uneven resilience across the health service.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on AlexanderMartin79.

Copyright 2026 The Record from Recorded Future News