A major ransomware attack on British pathology services provider Synnovis, which compromised nearly 400 GB of sensitive patient data, also affected the Mid and South Essex NHS Foundation Trust.
A major ransomware attack on British pathology services provider Synnovis, which compromised nearly 400 GB of sensitive patient data, also affected the Mid and South Essex NHS Foundation Trust.
The ransomware attack took place in June 2024 when the Qilin ransomware group targeted Synnovis’ internal network and exfiltrated about 394.1 GB of sensitive patient data shared by several NHS foundation trusts for the purpose of conducting pathology tests.
The incident caused substantial disruptions across several NHS hospitals in London — including Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust — as well as other primary care services in southeast London.
An investigation by Synnovis into the ransomware attack found that the Qilin ransomware group had exfiltrated sensitive healthcare records of more than 90,000 NHS patients, including their names, dates of birth, NHS numbers, and blood test information.
The data breach incident also disrupted blood testing and diagnostics, strained national blood supplies, forced hospitals to rely on universal donor blood, and contributed to delays in critical treatments, including at least one patient death.
Earlier this week, Mid and South Essex NHS Foundation Trust, which runs Broomfield Hospital, Basildon University Hospital, Southend University Hospital and other healthcare clinics, said that the cyber attack on Synnovis in June 2024 compromised as many as 2,380 healthcare records of its patients.
The NHS Trust said that Synnovis informed it about the data breach in December 2025, following which it conducted its own investigation into the incident. “Records relating to patients who had a mixture of specialist diagnostic tests were affected,” said Dawn Scawfield, deputy chief executive of the NHS Trust.
“Some data is not directly linked to patients, so we are still waiting for confirmation on exact numbers. Once we have established who those patients are, we will be in contact with any who have been affected,” he added.
The Trust’s announcement arrived a week after Bedfordshire Hospitals NHS Foundation Trust said that the Synnovis data breach compromised healthcare records of as many as 33,000 patients.
“The data taken during the incident came from internal administrative files rather than an operational database,” the Trust said. “Based on the supplier’s analysis, the data provided appears to relate to approximately 32,927 individuals.” It added that the compromised records included patient names, dates of birth, registration numbers, NHS numbers, postcodes and details of test results.
Click Here For The Original Source.
