Synnovis cyber incident – public questions and answers
The Synnovis cyber incident occurred on June 3, 2024. Below are some questions and answers that address common concerns. This information will be updated as new details become available.
Last updated: 15 October 2024
Synnovis, a pathology laboratory which processes blood tests on behalf of a number of NHS organisations, with the majority of tests processed from south-east London, suffered a ransomware cyber attack on June 3.
The criminals behind the attack published data files on June 20. Synnovis confirmed on 24 June 2024, through an initial analysis, that the data published was stolen from some of their systems.
We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.
The final stages of recovery following the cyber attack on pathology services provider Synnovis in June are complete, which means nearly all services are now up and running. While some important administrative work remains, any further impact on patient care will be minimal.
Yes. Synnovis has confirmed that a cyber criminal group published data that was stolen from their systems.
We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.
The format in which the stolen data has been published represents a partial copy of the content from the administrative working drive.
The main database where patient test requests and results are stored is separate, and is called the Laboratory Information Management System. At present, Synnovis has confirmed there is no evidence the cyber criminals have published a copy of this database, although their investigations are ongoing.
You should always be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial data.
If you are contacted by someone who claims they have your data please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or call 0300 123 2040.
Send suspicious emails to report@phishing.gov.uk or texts to 7726.
The National Cyber Security Centre (NCSC) has further guidance for individuals and families on data breaches.
You will not receive unexpected contact from the NHS asking for personal or financial information.
If you receive an unexpected or suspicious email or a communication by other means that claims to come from the NHS, you should double-check it’s legitimate by contacting the organisation or department directly.
Don’t use an address or phone number from the message itself – use the details from the official organisation’s website, for example the NHS trust or GP practice where you’ve been receiving care.
Please contact Action Fraud who are the UK’s national reporting centre for fraud and cybercrime or call 0300 123 2040.
Send suspicious emails to report@phishing.gov.uk or texts to 7726.
We understand people will be concerned. Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some months before it is clear which individuals have been impacted.
As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates on the incident website which has answers to a number of frequently asked questions. The incident helpline can support people with additional questions that they might have.
Synnovis has advised NHS England that the stolen data published by the cyber criminal gang includes information originating from Synnovis’ administrative working drive. The information in this drive was created for the corporate and business support activities of Synnovis.
An initial analysis of the stolen data which was published found in some circumstances this information may contain personal data such as names, NHS numbers and test codes, although analysis is ongoing. The codes tell Synnovis the nature of the test that has been requested.
The format in which the stolen data has been published represents a partial copy of the content from the administrative working drive. This makes it complex to interpret and is why it will take some time to carry out full analysis to identify the full nature of the impacted data, organisations and individuals.
The investigation into what data has been stolen and released is ongoing.
Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some months before Synnovis is clear about which individuals have been impacted. As more detail becomes available through Synnovis’ full investigation, the NHS will continue to provide updates on the incident website.
This website contains the most up to date information about the cyber incident and will be regularly updated.
You should continue to use the NHS as normal if you are worried about your health.
The final stages of recovery following the cyber attack on pathology services provider Synnovis in June are complete, which means nearly all services are now up and running.