A patient’s death has been officially confirmed as linked to the June 2024 ransomware attack on Synnovis, a pathology services provider for the UK’s National Health Service (NHS), particularly affecting hospitals in southeast London. The attack was carried out by the Qilin ransomware group and severely disrupted diagnostic and pathology services, including blood testing and transfusion services.
Following the attack, King’s College Hospital NHS Foundation Trust conducted a thorough investigation into the unexpected death of a patient during the cyber incident. The investigation concluded that the cyberattack was a contributory factor in the patient’s death, specifically citing a prolonged delay in obtaining blood test results due to the disruption caused by the attack. While there were multiple contributing factors identified, the inability to access timely pathology services was highlighted as a key issue.
The ransomware attack led to the cancellation of over 10,000 appointments and more than 1,700 elective procedures, as well as causing a significant blood shortage in the region. In addition to the fatal outcome, official reports indicate that at least 170 patients suffered harm as a result of the attack, with most cases classified as low harm, but some involving moderate and severe harm.
The Qilin group also stole sensitive patient data and published it online after the ransom demand—reportedly $50 million—was not met. The attack and its aftermath have underscored the severe risks that cyberattacks pose to patient safety and healthcare infrastructure. The incident is considered one of the first times that a patient’s death has been directly linked to a cyberattack on a healthcare provider.
