Patient Death Linked to NHS Cyber Attack
A hospital in south London has confirmed that the death of a patient last year was linked to a major cyber attack that disrupted NHS services across the capital.
King’s College Hospital NHS Foundation Trust revealed that a patient died unexpectedly during the ransomware attack that hit pathology services provider Synnovis in June 2023. Following an internal investigation, the Trust identified several contributing factors to the death — one of which was a significant delay in receiving blood test results caused by the cyber attack.
The incident had a wide-reaching impact on healthcare in south east London. Over 1,100 cancer treatments were delayed, 2,000 outpatient appointments cancelled, and more than 1,000 operations postponed. Major hospitals, including Guy’s and St Thomas’, King’s College, and Lewisham and Greenwich, along with several primary care providers and mental health trusts, were all affected.
The ransomware attack was attributed to the Russian cybercriminal group Qilin. Sensitive data stolen during the breach was later published online.
Confirming the news, a spokesperson for King’s College Hospital said:
“One patient sadly died unexpectedly during the cyber attack. As is standard practice, we carried out a detailed review of their care. The investigation found several contributing factors, including a long wait for blood test results due to the attack’s impact on pathology services.”
The hospital added that the findings have been shared with the patient’s family.
Mark Dollar, CEO of Synnovis, expressed his condolences:
“We are deeply saddened to hear that last year’s criminal cyber attack has been identified as a contributing factor in this patient’s death. Our hearts go out to the family.”
Cybersecurity experts warn that this tragic outcome highlights how vulnerable the NHS is to such attacks. Deryck Mitchelson, a former NHS cybersecurity head, told Sky News:
“This death is tragic, but sadly not surprising. The NHS relies on a vast network of suppliers and service providers. When even one link is weak, patient safety is at risk.”
“To those behind these attacks — this wasn’t just a data breach. It affected real people, real lives. One of them is now gone. That should weigh heavily.”
A Government spokesperson also acknowledged the tragedy:
“Our deepest sympathies are with the family of the patient. This is a stark reminder of the threat Russia poses and how cyber attacks can have devastating consequences for critical public infrastructure.”
According to the Health Service Journal, nearly 600 patient safety “incidents” were reported in connection to the Synnovis breach, with around 170 patients suffering some level of harm.