Incident Analysis

Synnovis Ransomware Attack 2024: What Happened and What the NHS Learned

On 3 June 2024, Qilin ransomware operators attacked Synnovis — the partnership between SYNLAB UK & Ireland and NHS England that provides pathology services to King's College Hospital and Guy's and St Thomas' NHS Foundation Trust. Within hours, blood transfusion services were disrupted, thousands of samples could not be processed, and hundreds of operations and appointments were cancelled or postponed. The attack's impact cascaded across London's NHS for months, with full service restoration not achieved until autumn 2024. The root cause was technical and straightforward: a service account without multi-factor authentication, exploited by a sophisticated criminal gang.

The Synnovis attack disrupted pathology services for over 3 months, cancelled hundreds of operations, and triggered the NHS's first ever critical incident for a cyberattack.

How the Synnovis Attack Unfolded

Qilin, a Russia-linked ransomware group, gained access to Synnovis systems through a service account that lacked multi-factor authentication. Once inside, they moved laterally through the network, identified and exfiltrated sensitive data, and deployed ransomware across Synnovis IT systems. The attack affected the IT infrastructure connecting Synnovis to NHS trust systems — meaning blood test results, transfusion matching, and other critical pathology data could not be processed or shared. NHS trusts had to revert to manual processes, blood banks depleted stocks without being able to perform full compatibility testing, and elective operations requiring blood products were cancelled as a precaution.

Lessons for NHS Organisations from the Synnovis Attack

The Synnovis attack reinforced several critical lessons for NHS organisations:

MFA on all service accounts and remote access systems is non-negotiable — the absence of this single control was the decisive factor in the attack's success.

Third-party supplier security cannot be assumed — Synnovis had privileged connectivity to NHS trust clinical networks, and its security posture had direct patient safety implications.

Downtime procedures must be tested before they are needed — NHS trusts that had maintained and tested manual procedures were able to continue operating more safely during the outage.

Incident response plans must include clinical leadership — patient safety decision-making during an IT outage requires clinical authority, not just IT crisis management.

Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
