Hacked Blood Testing Provider Expects Autumn Recovery Date

Private pathology and diagnostic services provider Synnovis has said that its blood transfusion services may not be fully functioning until the autumn, after a ransomware attack crippled the system last month.

The company said that “substantial parts” of the system had been restored, nearly two months after the 3 June hack that paralysed Synnovis’ systems and caused multiple London hospitals to declare a critical incident.

Hospitals cancelled hundreds of operations and thousands of appointments and were left unable to carry out blood transfusions.

Meanwhile the NHS issued an alert over blood supply shortages due to after-effects of the incident.

Systems restored

In its latest update Synnovis, a partership between Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust and commercial testing firm Synlab, said it had reconnected more laboratories to systems that enabled the service to receive test orders and return results electronically.

Core chemistry and haematology services, including coagulation studies, have been restored at King’s College and Princess Royal University Hospitals, whild Guy’s and St Thomas’, Royal Brompton and Harefield Hospitals are to follow this week.

“We expect to be able to increase the numbers and types of tests shortly. This is a significant step forward in services recovery and in the carefully phased and clinically safe approach to bringing all our systems back online,” Synnovis said.

The company said services would continue to be stabilised over the summer, with full restoration expected in the early autumn.

On 25 June NHS Blood and Transplant issued an “Amber Alert” over blood supply shortages, asking NHS hospitals to restrict the use of O type blood to essential cases and use substitutions where it is clinically safe to do so.

Blood shortages

The alert was a result of increased demand for O type blood, which is known as the universal blood type and is safe to use for all patients, making it more in-demand than usual in the absence of testing services.

Also contributing to the shortage was a reduction in collections due to high levels of unfilled appointments at donor centres, the NHS said.

The NHS said that as of 25 July the incident had led to the postponement of 1,608 elective procedurs and 8,349 acute outpatient appointments at King’s College Hospital and Guy’s and St Thomas’ since 3 June.

Russian criminal gang Qilin was behind the attack, former National Cyber Security Centre (NCSC) chief Ciaran Martin said.

The group published some 400GB of data stolen from Synnovis on 20 June, which reportedly included patient names, NHS numbers and descriptions of blood tests.

Synnovis said a taskforce of external IT experts was continuing to verify the published data.

The company refused to pay a ransom and was forced to rebuild its systems from scratch, while accessing critical data from backups.

But even if it had paid the ransom, restoring its locked systems may have meant months of work.