On Monday 3 June, a ransomware cyber attack was perpetrated against Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, primarily in south east London.

The clinical impact of the attack has seen a significant reduction in the number of tests which can be processed and reported back to clinical teams.

In response, NHS England London declared a regional incident and has been coordinating work across affected services, as well as with neighbouring providers and national partners, in order to manage disruption.

This has included:

Coordinating mutual aid to ensure patients needing time-sensitive care can receive it, including having operations at other hospitals;
Working with Synnovis and trusts to find ways to increase the number of tests that can be reported per day;
Working with other pathology services to reroute blood tests from GP surgeries. This is currently in place for practices in Lambeth and Southwark, and will be rolled out to other boroughs as soon as possible; and
Working with NHS Blood and Transplant to provide extra stocks of ‘universal’ blood types, which don’t require patients to have tests before receiving transfusions.
Urgent and emergency services in the local area are available as usual. Patients are advised to access services in the normal way by dialling 999 in an emergency, and otherwise using NHS 111 through the NHS App, online or on the phone.

Despite the best efforts of NHS staff and partners, it has not been possible to avoid disruption for some patients.

In the interests of the public having a clearer picture of the extent of this disruption, NHS England London will now publish unverified management information on a weekly basis.

The data for the first week after the attack (3-9 June) shows that, across the two most affected Trusts – King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust – more than 800 planned operations and 700 outpatient appointments needed to be rearranged. The majority of planned activity has continued to go ahead, with some specialities impacted more than others.

Trusts are working hard to make sure any procedures are rearranged as quickly as possible, including by adding extra weekend clinics. Patients will be kept informed about any changes to their treatment by the NHS organisation caring for them. This will be through the usual contact routes including texts, phone and letters. Any patient with a planned appointment at these Trusts, who has not been contacted, should attend their appointment as normal.

In order to maintain additional levels of ‘universal’ blood stocks in affected services, NHS Blood and Transplant have called out to O Positive and O Negative blood donors to urgently book appointments to donate in one of the 25 town and city centre NHS Blood Donor Centres in England over the next few weeks, to boost stocks of O type blood following the cyber incident, with people urged to Visit blood.co.uk or call 0300 123 23 23 to book an appointment.

Synnovis is focused on the technical recovery of the system, with plans in place to begin restoring some functionality in its IT system in the weeks to come. Full technical restoration will take some time, however, and the need to re-book tests and appointments will mean some disruption from the cyber incident will continue to be felt over coming months.

Dr Chris Streather, Medical Director for NHS London, said:

“Today’s data shows that NHS teams are working flat out to see as many patients as possible – but there is no doubt the ransomware cyber-attack on Synnovis is having a significant impact on services in south east London, with hundreds of appointments and procedures being postponed.

“Having treatment postponed is distressing for patients and their families, and we apologise to all those who have been impacted, and staff will work hard to re-arrange appointments and treatments as quickly as possible.

“While staff are working round the clock to mitigate the impact and Synnovis is working to recover its IT system, we expect disruption to be felt for some time.

“Sites impacted are continuing to prioritise the most urgent care, so please use services in the normal way by dialling 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone.

“If you have not heard from your healthcare provider, please attend appointments as normal.”

Professor Ian Abbs, Chief Executive of Guy’s and St Thomas’ NHS Foundation Trust, and Professor Clive Kay, Chief Executive of King’s College Hospital NHS Foundation Trust, said:

“The cyber-attack has had a significant impact on our services, and this is likely to remain the case for some time yet. Despite the superb efforts of our staff and support from partners across London to continue caring for patients, we have had to postpone a number of operations and appointments which we are working to reschedule as quickly as possible.

“We fully recognise the distress that any delays in care can cause for our patients and their families, and we are very sorry for this. In the meantime, we would urge patients to attend for their appointments as planned unless they are contacted.”

St George’s University Hospitals NHS Foundation Trust is one of the Trusts closely involved and is creating capacity to treat some patients who would ordinarily be seen at King’s College Hospital or Guy’s and St Thomas’ NHS Foundation Trusts. St George’s has set up an incident response room to manage requests and share information more easily, while ensuring it can continue to provide services to its own patients while supporting others.

Jacqueline Totterdell, Group Chief Executive at St George’s, Epsom and St Helier Hospitals and Health Group, said:

“This is where the NHS comes into its own and it’s only with the support of colleagues from other parts of the NHS who are supporting St George’s that we are able to step up and support others.

“We’ve seen some of the sickest and most complex patients at St George’s – following the cyber attack – including patients needing major life changing surgery. So my thanks to the many doctors, nurses and other colleagues who are working hard to care for additional patients so there are no further delays to their care.”

Andrew Bland Chief Executive of South East London Integrated Care System said:

“We are sorry for the impact this cyber attack is having on local residents and would like to offer assurances that we are doing everything we can to resolve things, and prioritising the most urgent and critical patients. I would like to thank everyone working across the south east London system to respond to this incident. Colleagues in primary care, mental health, acute and community trust providers are working together tirelessly to make sure we focus on keeping our most vulnerable patients safe.”