Synnovis Attackers Publish NHS Patient Data Online

Written by

Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports.

The data was apparently accessed by ransomware group Qilin following the attack on critical NHS supplier Synnovis on June 3, 2024. The gang reportedly posted the information on its darknet site and Telegram channel on Thursday, June 20.

The data purportedly included patient names, NHS numbers and descriptions of blood tests. Additionally, business account spreadsheets have been uploaded, detailing arrangements between hospitals and GP services and Synnovis.

The BBC reported a statement from NHS England confirming that the service was aware of the publication by a cybercriminal group.

“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre (NCSC) and other partners to determine the content of the published files as quickly as possible,” stated NHS England.

"This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients."

Synnovis also released a statement regarding the data dump by Qilin, revealing that the analysis of the data is already underway.

“We will keep our service users, employees and partners updated as the investigation progresses,” the firm wrote.

Commenting on the story, Conor Agnew, lead cyber security assessor at Closed Door Security, said the published data is likely a sample of the full volume stolen, used as an extortion tactic.

“We don’t know how Qilin breached Synnovis’ network, but the attackers are not backing down. They have set their demand, and they want paid. This recent leak is to apply more pressure on Synnovis and motivate the company into paying, while demonstrating the highly sensitive data the Qilin now has in its possession,” explained Agnew.

Ransomware Attack Continues to Disrupt Critical NHS Services

Synnovis is a critical supplier of pathology services for a large number of NHS clients in the south-east England, including blood tests, swabs and bowel tests. The incident has therefore had a huge impact on NHS services from affected hospitals, leading to cancelled appointments and operations.

In an update on the incident on June 20, NHS England revealed that more than 1294 outpatient appointments and 320 elective procedures had to be postponed in the second week of the attack (10-16 June) at the two most affected hospitals - King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

This means a total of 1134 elective procedures and 2194 outpatient appointments have been postponed at the two London NHS Trusts as a result of the incident.

Dr Chris Streather, medical director for NHS London, commented: “Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London.

“Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible.”

What’s hot on Infosecurity Magazine?