Stolen data published online has been confirmed as having come from the NHS provider Synnovis, NHS England has said.
Synnovis, which manages blood tests for NHS trusts and GP services, primarily in south-east London, was the victim of a cyber-attack – understood to have been carried out by the Russian group Qilin – on 3 June.
NHS England said the data was published online by the group on Friday. Hundreds of operations and appointments have been cancelled in the weeks since the incident.
In a statement on Monday, NHS England said there was “no evidence” the cybercriminals had published an entire database, but that it could take “some weeks” to learn which people were affected by the attack.
It said: “NHS England continues to work with Synnovis and the National Crime Agency to respond to the criminal ransomware attack on Synnovis systems. Synnovis has now confirmed through an initial analysis that the data published by a cybercrime group has been stolen from some of their systems.
“We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.
“At present, Synnovis has confirmed there is no evidence the cybercriminals have published a copy of the database (Laboratory Information Management System) where patient test requests and results are stored, although their investigations are ongoing.”
According to the BBC, Qilin shared almost 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on the dark web and its Telegram channel. Spreadsheets containing financial arrangements between hospitals and GP services and Synnovis were also published, the BBC reported.
NHS England said: “Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.”
It added that local health systems would work together with additional resources to reduce impact on patients and process urgent blood samples.
after newsletter promotion
Between 10 and 16 June, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College and Guy’s and St Thomas’ hospitals in London.
The number of rearranged planned operations had gone down by 494 since the first week after the attack, but the number of missed outpatient appointments had increased by 394. The total as of 20 June was 1,134 planned operations and 2,194 outpatient appointments postponed, according to NHS England.
Patients have been told to continue attending appointments unless told otherwise, while urgent care is available as usual.
