Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
A patient died as a result of a ransomware attack on the National Health Service last year, which disrupted thousands of appointments and procedures at major London hospitals.
Synnovis, which processes blood tests on behalf of some NHS organisations, was hacked by Russian-speaking cyber crime group Qilin, which subsequently released 400GB of information it said it had stolen from the provider.
The attack in June last year caused significant disruption at the pathology departments of King’s College Hospital and of Guy’s and St Thomas’ NHS Foundation Trust.
The newly reported death was in part caused by the patient’s delayed blood test results. The major incident underscores the extra digital security risks as a result of the increasing use of private service providers by the NHS.
Last week, the South East London Integrated Care Board said it had identified 170 cases of patient harm in relation to the attack, the majority of which were classified as “low harm”. A law enforcement investigation into the cyber attack is ongoing.
However, in a statement on Wednesday, King’s College Hospital Foundation Trust confirmed the patient’s death, first reported by the Health Service Journal.
“Sadly, one patient sadly died unexpectedly during the cyber attack,” a spokesperson said.
“The patient safety incident investigation identified a number of contributing factors that led to the patient’s death. This included a long wait for a blood test result as a result of the cyber attack impacting pathology services at the time,” they added.
The healthcare industry has become increasingly vulnerable to cyber crime and there are growing calls for an independent expert review into NHS security risks.
Dr Saif Abed, a former NHS doctor and expert in cyber security and public health, told the Financial Times he believed more patients had died in recent years than publicly recorded because of data breaches.
“This tragic death is the tip of the iceberg. From my experience analysing healthcare cyber attacks in the UK and globally, it is a near certainty that there have been more deaths over the years that have not been uncovered simply due to a lack of official investigations”, he said.
“It is absolutely urgent that we now have an independent inquiry into NHS cyber security and patient safety.”
Synnovis and NHS England did not immediately respond to a request for comment.
