NHS England » Synnovis cyber incident

Update on the Synnovis cyber incident: 10 November 2025

Synnovis provides pathology services, including blood, urine and specimen testing to a number of healthcare organisations, including the NHS. Based in South-East London, Synnovis is co-owned by Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and SYNLAB.

On 3 June 2024, Synnovis was the victim of a ransomware cyber-attack, which disrupted Synnovis’ services across the UK and significantly reduced its capacity to process tests. The impact was greatest in South-East London, within Synnovis’ partner trusts and their local boroughs, causing delays to over 11,000 outpatient and elective procedure appointments. While appointment cancellations were confined to South-East London, data stolen in the attack may potentially relate to any of Synnovis’ service users, including some NHS hospitals, GP practices and clinics across England.

Synnovis immediately brought in professional specialist support to help manage the incident and dedicated all available resources to restoring services and rebuilding IT infrastructure. This took some time, but services were fully restored by December 2024.

On 20 June 2024, the criminals responsible for the cyber-attack published data files they had stolen in the attack. Urgent steps were taken by Synnovis, working with the National Cyber Security Centre, law enforcement agencies and the NHS to minimise the risks to individuals and their data. Synnovis also obtained a legal injunction to prevent people from using or further publishing the data. Synnovis reported the incident to the Information Commissioner’s Office and has been in regular contact with them ever since.

What has happened since then?

The next stage of the incident has been to understand the scope of the data stolen.

Synnovis has had to undertake a complex investigation to understand what data had been stolen. This investigation has taken more than a year to complete because the stolen data was unstructured, incomplete and fragmented. It took a long time to piece together and work out which of its customers the data related to. This part of the investigation is now complete.

Synnovis is now in the process of contacting their impacted customers. Organisations that are impacted include some NHS hospitals, GP practices and clinics.

What will happen next?

There will then be a period where impacted NHS organisations will review copies of their data that was stolen – to understand what it contains, who it may identify and if any individuals need to take any steps as a result of their data being impacted.

Where necessary, those NHS organisations may publish information about the incident on their website – including the steps people may need to take. They may also write to some individuals. The timescales for notifying patients are likely to be different for each organisation based on the amount and type of data, as well as the number of individuals involved.

Synnovis will not be contacting patients directly. If patients are notified, the notification will be from an NHS organisation.

How can I find out more information and if this affects me?

We will publish updates on this website about the incident regularly and include links to other NHS organisation websites where you can find out more information.

There is also more information below:

Questions and answers

Synnovis cyber incident – public questions and answers

National Cyber Security Centre guidance

Data breaches: guidance for individuals and families: how to protect yourself from the impact of data breaches

NHS England London – news

Latest news from NHS England London

Synnovis Cyber update

Latest questions and answers from Synnovis

Cookies on the NHS England website