New Evidence Links Ransomware Attack to NHS Patient Fatality, Highlighting Cybersecurity Risks in Healthcare | News

A ransomware attack targeting NHS blood services in London hospitals and GP clinics last June has been associated with the death of an individual.

King’s College Hospital NHS Foundation Trust announced that one patient had “died unexpectedly” amidst the Russian cyber attack on June 3, 2024, which resulted in over 10,000 appointments being canceled.

A representative for the trust indicated that various factors contributed to the patient’s death, including “an extended delay in obtaining blood test results.”

The attack resulted in the theft of patient data managed by Synnovis, an organization responsible for laboratory services for NHS trusts and GPs in southeast London.

The trust’s spokesperson remarked that a thorough evaluation of the patient’s care had been conducted.

“The investigation into this patient safety incident uncovered several factors that contributed to the death,” they stated.

“This included a prolonged wait for blood test results due to the cyber assault impacting pathology services at that time.

“We have met with the family of the deceased and provided them with the findings of our safety investigation.”

The spokesperson also noted they were unable to disclose the date of the patient’s passing or their age, citing privacy concerns.

Mark Dollar, Synnovis’ chief executive, expressed sorrow over the revelation that last year’s cyber attack was identified as a contributing factor to the patient’s death.

“Our condolences go out to the family affected by this tragedy.”

More than 10,000 appointments were cancelled across the two London NHS trusts that were hit hardest; numerous GP practices in the area were also unable to process blood tests for their patients.

The Health Service Journal (HSJ) reported nearly 600 “incidents” associated with the attack, impacting patient care in 170 cases. One incident resulted in “severe” harm, while 14 cases led to “moderate” harm, with the rest categorized as “low harm,” according to HSJ.

NHS guidelines define severe harm as occurring when patients experience permanent injury, require life-saving treatment, or could potentially have their life expectancy reduced, among other criteria.

Deryck Mitchelson from cyber security company Check Point stated that these cyber attacks represented more than mere “disruption” as they resulted in “patient harm.”

Mitchelson, who previously served as the director of National Digital and chief information security officer for NHS National Services Scotland, emphasized that IT systems’ security is only as robust as its weakest link.

“The confirmed death is tragic, yet not unexpected. When the systems that support diagnostics and treatment are compromised on such a large scale, the repercussions are far from theoretical. This is the tangible cost we face,” he explained.

“This act was not faceless. It was not just systems or data that were targeted — it was care. Human lives were at stake, and one has been lost. This reality should carry significant weight.”

Additional reporting contributed by Chris Vallance, BBC Technology.

London

Vitaly Kafanov States the Conditions Under Which Matvei Safonov Should Leave PSG

Related posts

Headline: Twickenham Stabbing: Murder Arrest Made Following Fatal Attack on Local Man

Silvertown Tunnel: A Visionary Transport Solution or Environmental Faux Pas?

Tragic Aftermath: Healthy Young Man Dies Weeks After Brutal Assault in London