Ransomware Group Qilin Still Disrupts London NHS Pathology Services 18 Months After Attack
What Happened – In June 2024 the Qilin ransomware gang breached Synnovis, a blood‑testing provider for South‑East London NHS trusts, encrypting pathology systems and exfiltrating data on nearly one million patients. More than a year later at least one NHS trust (South London and Maudsley) remains unable to restore electronic pathology reporting, relying on paper‑based work‑arounds.
Why It Matters for TPRM –
- Ongoing service disruption increases clinical risk and can trigger regulatory penalties.
- Massive patient‑data exposure demonstrates the downstream impact of a third‑party breach on the health ecosystem.
- Prolonged recovery highlights gaps in vendor business‑continuity and backup validation.
Who Is Affected – NHS hospitals and outpatient clinics in South‑East London, the Synnovis blood‑testing service, and roughly one million NHS patients (including cancer and STI cases).
Recommended Actions –
- Review all contracts with pathology and laboratory service providers for breach‑notification, backup‑restore, and continuity clauses.
- Validate that third‑party vendors maintain immutable backups and regularly test restoration procedures.
- Conduct a supplemental risk assessment of any downstream systems (e.g., London Care Record) that ingest data from the affected provider.
- Ensure incident‑response playbooks include extended‑disruption scenarios and patient‑notification obligations.
Technical Notes – The attackers used Qilin ransomware to encrypt on‑premises pathology servers and exfiltrate patient records. No specific CVE was disclosed; the vector was likely credential theft or lateral movement within the provider’s network. Data types stolen included full pathology reports, demographic details, and diagnostic codes.
Source: The Record