A cyberattack that caused disruption at hospitals in London last year contributed to the death of a patient, health officials have confirmed for the first time.
The incident occurred after a Russian hacking gang in June 2024 targeted Synnovis, a contractor that pro
vides blood testing, transfusion and
other pathology services to the UK’s National Health Service, or NHS. The breach triggered a major crisis at health-
care providers predominantly in the southeast of the city.
One of the affected NHS hospital groups, the King’s College Hospital NHS Foundation Trust, said in a statement
Wednesday that the hack was a contributing factor in the death of a patient. The incident represents the first kno
wn case in which health officials have publicly confirmed that a cyberattack has caused or contributed to a death.
Read more: NHS Cyberattack in UK Inflicted Long-Term Harm on Patient Health
“One patient sadly died unexpectedly during the cyberattack,” said a spokesperson for the King’s College NHS trust. The trust carried out an investigation into
the patient’s death and found that a long wait for a blood test result due to the cyberattack was a contributing factor, the spokesperson added.
Attackers infected Synnovis’ computers with ransomware, which encrypted files stored on the company’s system
Watch More Image Part 2 >>>
s and rendered them inoperable. That led to months of disruption at hospitals and doctors’ surgeries. According to t
he NHS, medical facilities were forced to postpone more than 10,000 appointments and cancel more than 1,700 elective procedures.
“We are deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing fa
tors that led to this patient’s death,” said Synnovis Chief Executive Officer Mark Dollar in a statement. “Our hearts go out to the family involved.”
Doctors had recorded two cases of “major harm” linked to the hack, in addition to 11 cases of moderate harm and
120 cases of minor harm, Bloomberg News reported in January. Details about the specific damage to individuals’ health wasn’t available due to patient confidentiality. I
t’s unclear when health officials established that the patient death had been linked to the hack.
Saif Abed, a former NHS doctor and expert in cybersecurity, said that the case amounted to the first publicly acknowledged death linked to a cyberattack involving a health provider anywhere in the world. He called on the UK government to commission an independent review into the NHS’s cybersecurity and patient safety.
“Cyberattacks have long been recognized as a threat to patient safety but now we have tragic evidence of that fact,” he said.