A Single Ransomware Attack Is Still Disrupting London Hospitals Almost Two Years Later—One Patient Death Was Linked to the Breach

The Attack

On June 3, 2024, the Qilin ransomware group launched an attack against Synnovis, a pathology partnership that provides blood testing services to hospitals across South East London. Synnovis is a joint venture between Guy's and St Thomas' NHS Foundation Trust, King's College Hospital NHS Foundation Trust, and the European diagnostics company SYNLAB.

The attack crippled blood testing across the region immediately. In the first 13 days alone, hospitals were forced to cancel 1,134 planned operations and 2,194 outpatient appointments. Blood supplies across London fell to what officials described as a "very fragile position," prompting warnings that only the most critical transfusions could be prioritized.

Qilin demanded $50 million in ransom. When the deadline expired, the group published stolen patient data on its dark web leak site. The breach affected nearly one million NHS patients, including those with conditions like cancer and sexually transmitted infections. Victims were not notified until late 2025, more than a year after their data was exposed.

Still Broken in 2026

Almost two years after the attack, the damage has not been fully repaired. Internal NHS documents obtained by The Record reveal that at least one NHS trust is still operating without fully restored pathology systems.

South London and Maudsley NHS Foundation Trust (SLaM) remains the most severely affected. As of early 2026:

• Pathology systems have not been restored
• The trust operates without electronic requesting or reporting for lab tests
• Staff rely on paper processes and manual uploads
• The system remains unavailable on the London Care Record, a shared platform used across NHS London organizations

The Numbers

The quantified impact is staggering:

• 161,560 pathology reports delayed entry into patient records (as of January 2026)
• 122 patient safety incidents involving incorrect, unavailable, or delayed test results
• 10,152 acute outpatient appointments postponed
• 1,710 elective procedures cancelled
• 1 patient death at King's College Hospital where the cyberattack was considered a contributing factor

One patient death at King's College Hospital was documented where the cyberattack "was considered a contributing factor," though investigators could not definitively establish direct causation. The patient needed blood test results that were delayed or unavailable due to the ongoing system outage.

Why Recovery Takes So Long

Healthcare IT systems are not like consumer software that can be reinstalled from a backup in hours. Pathology systems handle test ordering, result reporting, quality control, and integration with dozens of other clinical applications. Rebuilding these systems means verifying that every data pipeline, every interface, and every automated workflow is functioning correctly before patient care can depend on it again.

The affected hospitals serve some of London's most complex patient populations. Guy's and St Thomas' is one of the largest NHS trusts in the country. King's College Hospital is a major trauma center. SLaM provides mental health services across four London boroughs. These organizations cannot afford to bring systems back online until they are certain the results will be accurate.

Meanwhile, the ransomware threat to healthcare continues to grow. The ChipSoft attack in the Netherlands and the Covenant Health breach in the United States show that Qilin and other ransomware groups continue to target healthcare infrastructure specifically.

The Data Exposure

Beyond the operational disruption, the Qilin group stole and published sensitive patient data affecting nearly one million people. The leaked records included pathology test results, which can reveal diagnoses for conditions including cancer, HIV, and other sexually transmitted infections.

For patients, this is not just a data breach. It is an exposure of some of the most intimate health information a person can have. And the notification delay of more than a year meant patients had no way to know their data was circulating on criminal forums during that entire period.

What This Case Demonstrates

The Synnovis attack is the clearest example to date of how ransomware can cause sustained, measurable harm to human health. The 122 patient safety incidents and at least one death linked to the breach demolish the argument that ransomware is merely a financial inconvenience.

For healthcare organizations, the lesson is that incident response planning must account for recovery timelines measured in years, not days. The Synnovis attack was not unusually sophisticated. Qilin is a well known ransomware as a service operation. But the interconnected nature of healthcare IT means that a single vendor compromise can cascade across an entire regional health system and persist far beyond the initial attack.

For patients, the case raises a difficult question: if a ransomware attack on a third party vendor can disrupt your hospital's ability to process blood tests for nearly two years, what recourse do you have? The answer, for now, is very little. And that is exactly the problem regulators and lawmakers need to address.