Hackers Published Sensitive Data Stolen From London Hospitals

A cyber-attack on London hospitals resulted in the publication of sensitive data stolen from Synnovis, a National Health Service (NHS) pathology provider.

The attack, which occurred on June 3, has been attributed to the Russian-speaking hacker group Qilin. The group has released over 380GB of data on its Telegram channel, claiming it includes patient information and financial records.


The hackers infiltrated Synnovis’s IT systems, encrypting files and demanding a $50 million ransom to restore access.

Synnovis, a partnership between Synlab UK & Ireland and two NHS trusts—Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust—provides critical lab testing services to hospitals and primary care services in London and Kent.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot

The attack has severely impacted blood transfusion and testing capabilities, leading to the postponement of over 1,000 operations and more than 2,000 appointments.

Published Data

The data published by the hackers reportedly includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. Financial spreadsheets were also among the leaked information.

Data Leak screenshot

The NHS has not yet confirmed the specifics of the published data, and it remains unclear if the information includes test results. Law enforcement agencies are currently investigating the attack.

In a statement to BBC, the NHS acknowledged the publication of the data and expressed concern over the potential impact on patients.

“We understand that people may be concerned by this, and we are continuing to work with Synnovis, the National Cyber Security Centre, and other partners to determine the content of the published files as quickly as possible,” the NHS said.

The organization is working to ascertain whether the data was extracted from Synnovis’s systems and whether it pertains to NHS patients.

The cyber-attack has caused significant disruptions to healthcare services in London. Seven hospitals run by the two affected NHS trusts experienced major service interruptions, including canceling or relocating elective operations.

Between June 3 and June 9, 832 surgical procedures were postponed, including cancer surgeries and organ transplants.

The affected hospitals include Guy’s, St Thomas’, King’s College, the Evelina Children’s Hospital, Royal Brompton, Harefield specialist heart and lung hospitals, and the Princess Royal Hospital in Orpington.

Ongoing Investigation

The NHS, in collaboration with the National Cyber Security Centre and other partners, is conducting a thorough investigation to determine the full extent of the data breach and its implications.

Publishing the stolen data is seen as a tactic to pressure Synnovis to pay the ransom. The NHS has assured the public that it will continue to provide updates as more information becomes available.

The cyber-attack on Synnovis and the subsequent publication of sensitive data highlights the growing threat of ransomware attacks on critical healthcare infrastructure.

The incident underscores the need for robust cybersecurity measures to protect patient data and ensure the continuity of essential healthcare services.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.