The Qilin ransomware attack on Synnovis last year caused critical delays in pathology services across London NHS trusts, contributing to the death of a patient at King’s College Hospital. The breach exposed millions of records, halted thousands of operations, and cost Synnovis over £32 million, highlighting serious vulnerabilities in UK healthcare cyber defences.
Last year’s cyberattack on Synnovis, a major pathology services provider for the NHS in London, has been officially linked to the death of a patient at King’s College Hospital. The incident, carried out by the Russian-speaking ransomware group Qilin, severely disrupted diagnostic services across multiple NHS trusts, including King’s College, Guy’s and St Thomas’, and Lewisham and Greenwich hospitals, as well as numerous GP practices. The attack caused critical delays in blood test results, which were identified as a key factor contributing to the patient’s unexpected death during the cyber incident.
King’s College Hospital NHS Foundation Trust conducted a thorough safety investigation, revealing multiple contributing factors to the patient’s death, including the prolonged wait for blood test results due to the compromised pathology services. The trust shared the findings with the patient’s family, and Synnovis CEO Mark Dollar expressed deep sorrow, saying, “Our hearts go out to the family involved.” This incident represents one of the first confirmed cases in the UK where a patient fatality has been associated with a cyberattack on healthcare infrastructure.
The impact of the attack was extensive and wide-ranging. It halted blood testing services, forced the postponement of 1,710 operations across affected trusts, and disrupted over 10,000 outpatient appointments. Sky News reported delays to approximately 1,100 cancer treatments, compounding the already critical pressures faced by NHS providers. The shortages extended to blood supplies, forcing healthcare workers to rely on universal O-type blood, which contributed to a national shortage of this vital resource as explained by NHS England. Nearly 600 patient safety incidents were attributed to the attack, with two classified as severe, indicating permanent harm or life-threatening delays.
Qilin reportedly demanded a $50 million ransom, which Synnovis did not pay, prompting the group to publish nearly 400GB of stolen sensitive data online via darknet and messaging platforms. This leaked data included patient names, dates of birth, NHS numbers, blood test descriptions, and financial arrangements between hospitals and Synnovis, raising profound concerns about patient confidentiality and data security. The enormous scale of the breach affected tests dating back several years and included records from private healthcare providers served by Synnovis, underscoring the far-reaching consequences of the attack.
Financially, the repercussions for Synnovis were devastating. The cyberattack generated estimated costs exceeding £32 million, more than seven times the company’s 2023 annual profits of £4.3 million. Recovery remains ongoing, with Synnovis recently completing the first phase of its restoration efforts. Despite the massive disruption, the company expects to regain profitability through a long-term outsourcing contract with the NHS trusts it serves. However, investigations persist, and regulatory fines from the Information Commissioner’s Office remain a possibility.
This tragedy follows a grim precedent of fatal consequences linked to ransomware attacks on healthcare facilities. Notably, in 2020 a ransomware attack on University Hospital Düsseldorf in Germany forced emergency services to reroute a critical patient to a hospital 32 kilometres away, resulting in her death. Experts have emphasised the urgent need for timely cybersecurity updates and an independent review of healthcare digital security. Dr Saif Abed, a cybersecurity specialist, warned that other deaths linked to such incidents may remain undetected due to insufficient investigations, calling for greater scrutiny of NHS cybersecurity resilience.
The Qilin group operates a ransomware-as-a-service model, leasing malware to affiliates and targeting organisations predominantly in Western countries while based in Russia. While generally tolerated by Russian authorities, these gangs function without direct state control. Cybersecurity research indicates that last year alone victims paid a record $1.1 billion in ransomware payments globally, highlighting the lucrative and growing nature of this threat.
The cyberattack on Synnovis and the broader NHS services underlines the increasing vulnerabilities faced by healthcare systems relying extensively on digital infrastructure and private providers. It starkly illustrates the human cost of cybercrime in healthcare, with widespread operational disruption translating directly into delays and risks for patient care that can, tragically, prove fatal.
📌 Reference Map:
- Paragraph 1 – [1], [2], [3]
- Paragraph 2 – [1], [3], [2]
- Paragraph 3 – [1], [4], [6]
- Paragraph 4 – [2], [6], [7]
- Paragraph 5 – [5], [1], [3]
- Paragraph 6 – [1], [3], [2]
- Paragraph 7 – [7], [4]
- Paragraph 8 – [3], [1], [2]
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The narrative is recent, published on June 28, 2025, and reports on a patient death linked to a cyberattack on Synnovis in June 2024. The earliest known publication date of similar content is June 26, 2025, by Reuters. The report is based on official investigations, which typically warrant a high freshness score. No discrepancies in figures, dates, or quotes were identified. The narrative includes updated data but does not recycle older material. No republishing across low-quality sites or clickbait networks was found. The content appears original and timely.
Quotes check
Score:
9
Notes:
The direct quote from Synnovis CEO Mark Dollar, “Our hearts go out to the family involved,” is consistent with statements from other reputable sources. No variations in wording were found, indicating the quote is accurately reported. No earlier usage of this exact quote was identified, suggesting it is original to this report.
Source reliability
Score:
7
Notes:
The narrative originates from Hackread.com, a cybersecurity-focused platform. While it provides detailed coverage, it is not as widely recognised as major outlets like the Financial Times or Reuters. The report cites official investigations and includes direct quotes from Synnovis CEO Mark Dollar, enhancing its credibility. However, the platform’s limited reach may affect the overall reliability score.
Plausability check
Score:
8
Notes:
The narrative aligns with known facts about the June 2024 ransomware attack on Synnovis, which disrupted NHS services and led to patient harm. The claim that a patient’s death was linked to the cyberattack is consistent with recent reports from reputable sources. The language and tone are appropriate for the topic and region. No excessive or off-topic details are present, and the structure is coherent. No inconsistencies or suspicious elements were identified.
Overall assessment
Verdict (FAIL, OPEN, PASS): PASS
Confidence (LOW, MEDIUM, HIGH): HIGH
Summary:
The narrative is recent, original, and consistent with known facts about the June 2024 ransomware attack on Synnovis. It includes accurate quotes and aligns with reports from reputable sources. The source, Hackread.com, provides detailed coverage, though it is less widely recognised than major outlets. Overall, the report is credible and timely.
