Operations have been canceled at several of London’s largest hospitals, and a critical incident emergency status declared, following a ransomware attack on a third-party provider leaving healthcare professionals without access to pathology services.

The attack, which was detected on Monday, impacted a company called Synnovis that provides pathology services, such as blood tests for transfusions, to a number of healthcare organizations, according to reports and internal emails published on social media.

“I can confirm that our pathology partner Synnovis experienced a major IT incident earlier today, which is ongoing and means that we are not currently connected to the Synnovis IT servers,” wrote Ian Ebbs, the chief executive at Guy’s and St Thomas’ NHS Foundation Trust, a hospital network.

Royal Brompton and Harefield hospitals, the largest specialist heart and lung centers in the United Kingdom, are also believed to be affected. The incident is also affecting King’s College Hospital NHS Foundation Trust “and primary care across south east London,” wrote Abbs, “having a major impact on the delivery of our services, with blood transfusions being particularly affected.”

Some appointments have already been canceled or patients have been redirected to other providers at short notice due to the incident. The burden on other hospitals due to extra patients may lead to a further stretching of resources and more critical incidents being declared. It is not clear how long the disruption will last for.

“I recogise how upsetting this is for patients and families whose care has been affected, and how difficult and frustrating this is for you all. I am very sorry for the disruption this is causing,” Abbs wrote.

The disruption to the blood transfusion IT system risks having a major impact on trauma cases, as only urgent blood components will be transfused when it is “critically indicated for the patient,” according to one message.

Recorded Future News has contacted Synnovis, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust, for comment, but none responded as of publication.

The attack is the latest of 215 ransomware incidents affecting the health sector in the United Kingdom since January 2019, according to personal data breaches reported to the Information Commissioner’s Office (ICO).

Ransomware attacks reached record levels in the United Kingdom last year, according to this data. Although the data suggests that incidents dropped from a record 106 in 2022 to just 32 in 2023, both the ICO and the National Cyber Security Centre have said they are “increasingly concerned” about ransomware victims failing to report incidents.

To tackle the ransomware crisis, officials at the Home Office had planned to launch a public consultation in June proposing radical measures — including requiring all victims to seek a license before making a ransomware payment —  although these plans have been delayed by the Prime Minister calling a snap election.

Attacks on the healthcare sector risk being especially impactful to patients. Earlier this year, cyber extortionists published sensitive patient data stolen from NHS Dumfries and Galloway, part of the Scottish healthcare system, in a bid to demand money from the local health board.

A ransomware attack affecting Australian health insurance business Medibank back in 2022 saw patient histories and treatment data compromised by criminals.

The criminals, seeking to extort the Australian business and the affected patients, subsequently began publishing sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions.

What is Threat Intelligence?