This site is intended for health professionals only

GP concern as cyber criminals publish alleged NHS patient data

GP concern as cyber criminals publish alleged NHS patient data

The perpetrators of a recent cyber-attack on a pathology laboratory have published data which they claim belongs to NHS patients.

NHS England is investigating this as a ‘matter of extreme urgency’ to determine the content of the files and establish whether NHS patients have been affected, but this investigation could ‘take weeks if not longer’ to complete.

GP practices in London continue to be impacted by the attack, which happened at the start of the month, with Lewisham and Greenwich NHS Trust warning that the ‘majority’ of GP-requested pathology tests are ‘postponed until further notice’. 

GPs told Pulse they expect to receive queries from worried patients, and that the delay to blood tests will also cause backlogs and issues with QOF achievement down the line. 

South East London ICB said earlier this week that GP referrals have also been ‘significantly impacted’, with only urgent referrals being accepted for blood sciences. 

The majority of planned activity has been able to go ahead, but so far over 1,100 elective procedures and almost 2,200 outpatient appointments have been postponed across two London hospital trusts. 

Synnovis, the provider of lab services to Guy’s and St Thomas’ and King’s College Hospital Foundation trusts, was the victim of a ‘ransomware cyber-attack’ on 3 June. 

In the latest update, a spokesperson for NHS England said it had been ‘made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis’.

They said: ‘The National Crime Agency and National Cyber Security Centre are working to verify the data included in the published files as quickly as possible.

‘We understand that people may be concerned by this and as more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public on this webpage.’

NHS England acknowledged that ‘full technical restoration’ of Synnovis’ pathology services ‘will take some time’, and disruption ‘will be felt over the coming months’.

Dr Gavin McColl, a GP partner and PCN clinical director in South East London, said it is ‘natural’ that the focus is on secondary care procedures such as C-sections or blood transfusions, but warned that the impact on primary care has been ‘huge’ and ‘profound’. 

He highlighted that general practice is ‘heavily reliant’ on blood tests for both acute and long-term care, as well as medication monitoring. 

There are concerns that the delay to long-term condition management, which is usually happening ‘constantly’ at GP practices, is storing up a large backlog – ‘I can’t stress enough the extent of the backlog that’s going to happen,’ Dr McColl warned.

He told Pulse that the current prediction is that labs will not be fully operational again until the end of September, while he expects the ‘dust will not settle on this for a year’.

Dr McColl has also found that ‘surprisingly’, many of his patients are not aware of the cyber-attack, which means it is ‘labour-intensive’ explaining the delays to patients each time. 

Once patients become aware that patient data has potentially been shared, he said he would imagine ‘they will come at us with a lot of intensity’.

‘One of the concerns we’ve got is that it seems – I don’t know if this is fact – but it seems that that data may include the indications for tests, so that’s where you may be describing someone’s personal situation in order to justify the blood test – that’s something we’re very worried about,’ Dr McColl added.

NHS England has acknowledged to practices that they may be facing more queries from worried patients, but it is not yet known whether the published files contain real NHS data. 

Dr Clare Gerada, a GP partner for the Hurley Group which has practices in South East London, highlighted that the ‘big problem isn’t now’, it will be the ‘knock-on effect’ for practices with QOF and CQC. 

She told Pulse: ‘If we can’t do our monitoring tests for all the patients – diabetes, hypertension, cholesterol – now, then the backlog is just going to cause serious problems. 

‘It’s QOF, it’s CQC – it’s the knock-on effects of this as well as the issues about our patients, it’s how are we going to do routine monitoring for them? Because we can’t be doing thousands of them once things get back to normal.’

Londonwide LMCs told Pulse it is seeking ‘urgent clarification’ on whether patient data has been shared, and highlighted the importance of both GPs and patients having ‘confidence that patient information remains confidential’.

‘Until we receive assurances that this is the case, there will be significant concerns among practices across London,’ deputy CEO Dr Lisa Harrod-Rothwell said.

She also said there must be a ‘strong focus on cyber security’ given the various data sharing projects being rolled out across the NHS.

Earlier this week, Londonwide LMCs said it was working with South East London ICB to ‘ensure that critical and urgent samples from general practices are prioritised’.

They are also working to secure ‘mutual aid’ from other areas to allow investigations for routine medical care and referrals.

The disruption is affecting all GPs across South East London, and is expected to ‘continue for a number of months’, according to a statement from the LMCs. 

NHS England advice to patients

  • Continue to attend appointments unless you have been asked not to
  • Be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial data 
    • If you are contacted by someone who makes these claims, contact Action Fraud 
  • There is no suggestion the criminals have gained access to NHS emails, but as a reminder, you will not receive any unexpected contact from the NHS asking for personal or financial information 
  • Check the NHS website for up to date information about the cyber incident and whether individuals’ data has been stolen and released
  • If you need to speak to someone about your questions, call the incident helpline on 0345 8778967

Source: NHS Digital

Responding to news of the alleged publication of patient data, a spokesperson for Synnovis said: ‘We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.

‘This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains.

According to a BBC report this morning, the group of cyber criminals – Qilin – tried to extort money from Synnovis, and the publication of data means the company did not pay.

The group, which is thought to be based in Russia, spoke with the BBC via an encrypted messaging service, claiming that the attack on Synnovis was a way to punish the UK for not helping enough in an unspecified war.



Please note, only GPs are permitted to add comments to articles

David Church 21 June, 2024 5:40 pm

Hopefully all potentially affected GPs and local Media will pro-actively direct worried patients to contact the Synnoivs website and telephone number for retribution!

Left Back 21 June, 2024 6:08 pm

The incident patient helpline will no doubt include the standard buck pass “if you have ongoing concerns please contact your GP for further advice.”

David Church 21 June, 2024 6:56 pm

Maybe we should stop putting clinical data such as reasons for tests, on the requests?
Lab would hav eto auto-approve all tests requested, which would make life easier for GPs.
Actually, perhaps this is something that BMA could consider as ‘Industrial action’ ?