Qilin Ransomware Attack on NHS Causes Patient Death in the UK

A patient’s death has been officially connected to a cyber attack carried out by the Qilin ransomware group that crippled pathology services at several major NHS hospitals in London last year. The cyber attack on Synnovis, a key pathology provider, caused widespread disruption to vital diagnostic services, delaying critical blood test results and impacting patient care significantly.

King’s College Hospital NHS Foundation Trust confirmed that a patient unexpectedly died during the cyber-incident. A spokesperson for the trust revealed that a detailed review of the patient’s care found multiple contributing factors, including “a long wait for a blood test result due to the cyber attack impacting pathology services at the time.”

The findings of this safety investigation have been shared with the patient’s family. Synnovis CEO, Mark Dollar, expressed deep sadness, stating, “Our hearts go out to the family involved.”

Hackread.com reported on this incident on June 4, 2024, highlighting the chaos across London’s healthcare system. The attack occurred on June 3, 2024, targeting Synnovis, which provides diagnostics, testing, and digital pathology in southeast London. This incident brought blood testing across multiple NHS trusts, including King’s College, Guy’s and St Thomas’, and Lewisham and Greenwich hospitals, along with GP practices, to a halt.

The disruption was extensive, affecting more than 10,000 outpatient appointments and leading to the postponement of 1,710 operations at King’s College and Guy’s and St Thomas’ NHS Foundation Trusts.

Additionally, as per Sky News, 1,100 cancer treatments were delayed. Healthcare providers faced challenges with blood transfusions and matching, forcing them to use universal O-type blood, which contributed to a national shortage of O-type supplies, as explained by NHS England.

Nearly 600 patient safety incidents were linked to the attack, with two cases classified as severe, indicating permanent damage or life-threatening delays, according to revised figures from 2025. Synnovis also reported having to discard 20,000 degraded blood samples from 13,500 patients due to the inability to test them.

The Russian cybercriminal group Qilin is believed to be responsible. The group also allegedly published almost 400GB of stolen sensitive data online, including patient names, dates of birth, NHS numbers, blood test descriptions, and financial arrangements between hospitals and Synnovis, on its darknet site and Telegram channel.

This tragic death draws parallels with a similar incident in Germany on September 18, 2020, as reported by Hackread.com. In that case, a ransomware attack on University Hospital Düsseldorf (UKD) caused IT systems to fail. An emergency patient needing urgent treatment had to be rerouted to another hospital 32 kilometers away, leading to her death.

Investigators later found the attackers had mistakenly targeted the university, not the hospital and provided a decryption key when informed of their error. The vulnerability exploited in that attack, Citrix ADC CVE-2019-19781, had a patch available a month prior, emphasizing the critical need for timely cybersecurity updates in healthcare as these tragic incidents highlight the severe human cost of cyberattacks on medical facilities.