Skip to main content

Cyber incident involving Synnovis system within two NHS England Trusts

Earlier this week, NHS England confirmed that some of its patient data was stolen in a ransomware attack on 3 June.

The data, managed by the organisation Synnovis which provides blood services to hospital and GP surgeries, was compromised and encrypted by hackers within several hospitals in two NHS England Trusts (Guy’s and St Thomas and King’s College).

The attack is understood to have been carried out by the Russian group, Qilin.

On 20 June, the data obtained by the hackers - purportedly consisting of pathology patient information - was publicly shared on the social platform Telegram. Operations and appointments have been cancelled within the two affected Trusts in the weeks since the incident.

NHS England has been working with the National Cyber Security Centre ever since to try and verify the contents of the files that have been published online. 

Suzanne Rankin, Chief Executive of Cardiff and Vale University Health Board, said: “While the extent of the situation is still under investigation by Synnovis, it will take time to fully understand the widespread impact and whether Welsh NHS patients have been adversely affected by the breach.

“I would like to reassure the public that analysis of the data is already underway by Synnovis, and due diligence checks will be made to establish whether this has any impact on patients within Cardiff and the Vale of Glamorgan.”

In addressing employees of Cardiff and Vale UHB, she added: “I would like to take this opportunity to remind colleagues of the importance of personal responsibility in adhering to information governance protocols, specifically vigilance in the reporting of suspicious activity such as phishing emails containing dubious links from unknown senders and to refrain from sharing of sensitive information such as login credentials for applications.”

If you are worried you might be affected by this cyber incident, please contact our Concerns Team. They can be reached between the hours of 9am to 5pm (Monday to Friday) on 029 2183 6319 or 029 2074 4095. You can also email the team at Concerns@wales.nhs.uk.

To find out more about the cyber incident, please go to the NHS England website here.

Follow us: