Victim died ‘unexpectedly’ after ‘long wait for blood test result’ during ransomware chaos that saw 1,100 cancer treatments delayed
A patient has died as a direct result of last year’s devastating cyber attack on NHS hospitals in London – marking the first confirmed death linked to the Russian ransomware assault.
King’s College Hospital NHS Foundation Trust today confirmed the tragedy, admitting the victim died “unexpectedly” after experiencing a “long wait for a blood test result” during the cyber chaos.
The shocking revelation comes more than a year after Russian hackers from the group Qilin brought major London hospitals to their knees in a ransomware attack that crippled vital blood testing services.
Death during cyber chaos
One patient sadly died unexpectedly during the cyber attack,” a hospital spokesperson confirmed today.
The patient safety incident investigation identified a number of contributing factors that led to the patient’s death.
“This included a long wait for a blood test result due to the cyber attack impacting pathology services at the time.”
The trust said it had met with the victim’s family and shared findings from the safety investigation – but declined to provide further details about the patient or circumstances of their death.
Russian hackers strike
The devastating attack struck on June 3 last year when Russian cybercriminals from the Qilin group infiltrated Synnovis – an IT company providing crucial blood test services across southeast London.
The ransomware assault paralysed pathology services at some of the capital’s biggest hospitals, including:
- Guy’s and St Thomas’
- King’s College Hospital
- Lewisham and Greenwich
- Royal Brompton
- Evelina London Children’s Hospital
Primary care services across six London boroughs and two mental health trusts were also crippled by the attack.
Catastrophic impact
The full scale of the cyber assault’s devastating impact on patient care has now been laid bare:
- 1,100 cancer treatments delayed
- 2,000 outpatient appointments cancelled
- More than 1,700 operations postponed
- 10,152 acute outpatient appointments affected overall
- Blood transfusion services disrupted for months
At the height of the crisis, hospitals were forced to revert to pen and paper systems, with critical blood test results having to be processed manually – causing massive delays that have now proven fatal.
£32.7m bill
The attack has cost the NHS an estimated £32.7 million, according to accounts filed by Synnovis – including £6.3m in IT rebuild costs and £11.7m in “cyber affected activity.
Guy’s and St Thomas’ Trust reported a deficit of £38.4m by August 2024, with the cyber attack cited as a major contributing factor to the financial crisis.
Data stolen
In a sinister twist, the Qilin hackers published stolen patient data on the dark web on June 20 – just weeks after the initial attack.
Analysis confirmed the criminals had accessed NHS numbers, patient names and test codes from Synnovis’ systems, though the full extent of the data breach remains under investigation.
Synnovis was forced to obtain a legal injunction to try to prevent the downloading, sharing or misuse of the stolen patient information.
Months of chaos
The attack left London’s major hospitals in crisis for months, with emergency protocols having to be implemented:
- All IT systems at Synnovis were knocked offline
- Blood test processing capacity was “significantly reduced”
- Urgent samples had to be redirected to other laboratories
- GP services couldn’t access routine blood testing for weeks
- Some services weren’t fully restored until autumn 2024
Warning ignored?
Digital Health News reported that the attack could potentially have been prevented by simple two-factor authentication – raising questions about basic cyber security measures at the NHS supplier.
The National Cyber Security Centre has warned that “ransomware continues to be the most acute cyber threat facing UK organisations,” with criminals “adapting their business models to maximise profits.
Not the first
The London attack was just one of several cyber incidents targeting the NHS in 2024, including assaults on:
- NHS Dumfries and Galloway
- Alder Hey Children’s Hospital
- Liverpool Heart and Chest Hospital
- Royal Liverpool University Hospital
- Wirral University Teaching Hospital (November 2024)
A similar ransomware attack in Germany had already resulted in a patient death, leading experts to warn that cyber attacks should be treated as potential threats to human life.
Calls for action
The tragedy has sparked urgent calls for the NHS to strengthen its cyber defences through:
- Sustained investment in security infrastructure
- Comprehensive staff training
- Implementation of cutting-edge security technologies
- Better compliance with frameworks like Cyber Essentials+
The government has announced plans for a new Cyber Security and Resilience Bill, expected to be introduced to Parliament this year.
But for one family, these measures come too late – their loved one becoming the first confirmed British victim of what security experts are calling a new form of warfare against our health service.
