Ransomware causes UK patient death

A ransomware attack by Qilin disrupted NHS hospitals and is now linked to a patient death, raising urgent concerns about healthcare cybersecurity.

30-06-2025 - 7 minute read. Posted in: cybercrime.


Qilin ransomware attack on NHS linked to patient death in the UK

A ransomware attack carried out by the Qilin cybercriminal group has been linked to the death of a patient in the United Kingdom. The breach targeted NHS partner Synnovis and disrupted critical pathology services across multiple hospitals in London. The UK's National Health Service and King's College Hospital were among the key organizations impacted. As a result, blood tests, transfusions, and diagnostic services were severely affected, and the disruption to pathology services led to significant delays in diagnostic and blood testing.

Introduction to the incident

The 2024 ransomware attack on Synnovis, a vital provider of pathology services for the UK’s National Health Service, has been officially linked to the death of a patient, underscoring the grave risks that cyber attacks pose to patient safety and healthcare delivery. The Qilin ransomware group’s assault caused widespread disruption to diagnostic services, particularly delaying blood test results that are essential for timely medical decisions. King’s College Hospital NHS Foundation Trust, one of the hardest-hit facilities, confirmed that one patient sadly died unexpectedly during the incident after a long wait for a blood test result. This tragic event highlights how a ransomware attack can directly impact patient care, with delays in test results leading to life-threatening consequences. The incident serves as a stark reminder of the urgent need for robust cybersecurity measures across the national health service to protect both patient safety and the integrity of critical pathology services.

A life impacted by cybercrime

The incident occurred on June 3rd 2024 and impacted Synnovis, a private company that provides pathology services to several NHS trusts, including King’s College Hospital and Guy’s and St Thomas’. The ransomware attack caused significant operational disruption, leading to cancelled surgeries, delayed treatments, and postponed cancer screenings. The breach also exposed sensitive information, including patient names, as part of the data exfiltration. One patient has now died as a result of these delays, according to official NHS statements.

This is believed to be the first time that a cyberattack has directly contributed to a death within the United Kingdom’s healthcare system. Although few details have been released to protect patient confidentiality, the case highlights the serious real-world consequences of cyberattacks on critical infrastructure.

The threat actor behind the attack

Qilin, also known as Agenda, is a Russian-speaking ransomware group that has been active since at least 2022. The group typically targets healthcare institutions and critical infrastructure by using double extortion tactics. They not only encrypt files but also steal sensitive data and threaten to publish it unless a ransom is paid.

Following the Synnovis breach, Qilin claimed responsibility and listed over 400 gigabytes of stolen data on their darknet leak site. This data allegedly includes patient records, pathology results, and financial information. Cybersecurity experts warn that this data could be used in further attacks or identity theft schemes.

Impact on NHS services

The Synnovis ransomware attack had a profound and far-reaching impact on NHS services, especially in south-east London. Pathology and blood testing services were severely disrupted across multiple NHS trusts and GP practices, resulting in the postponement of more than 10,000 appointments and 1,710 operations at King’s College and Guy’s and St Thomas’ NHS Foundation Trusts. According to the South East London Integrated Care Board, there were 170 reported cases of patient harm directly linked to the cyber attack, with two cases classified as severe harm due to permanent damage or life-threatening delays in care. The crisis was further intensified by a critical shortage of O-type blood in London hospitals, making it even more challenging to provide urgent treatments. An NHS spokesperson told the media that the attack had a significant impact on patient care, with many patients experiencing delays in essential procedures and treatments. The disruption to blood testing and pathology services not only affected immediate patient outcomes but also placed additional strain on NHS staff and resources across the region.

The human consequences of ransomware

Cyberattacks on healthcare systems are becoming increasingly common, but this case illustrates a grim reality. When hospitals lose access to critical systems, the consequences extend beyond financial loss. Surgeries are delayed, diagnoses are missed, and patients are placed at increased risk. In some cases, these delays can be fatal.

The healthcare sector handles life-or-death decisions on a daily basis. Disruptions caused by cyberattacks introduce dangerous uncertainty and delay into systems that are already under strain.

Response and aftermath

In the wake of the cyber attack, NHS England and the Department of Health and Social Care responded by urging all healthcare suppliers to adopt a new cybersecurity charter designed to strengthen digital defences. The updated guidance requires vendors to implement multi-factor authentication, promptly patch known system vulnerabilities, and maintain ongoing support for digital infrastructure to ensure secure and continuous healthcare operations. Suppliers are also mandated to keep secure, immutable backups of critical data to mitigate the risk of data loss during future cyber incidents. In April 2025, the UK government announced the introduction of a Cyber Security and Resilience Bill aimed at addressing vulnerabilities in national infrastructure, including the healthcare sector. Experts and former NHS doctors have called for an independent review of NHS cybersecurity, emphasizing the need to safeguard patient safety and prevent further cyber attacks. The incident has also sparked demands for greater transparency and accountability within the healthcare sector, particularly regarding patient confidentiality and the handling of data breaches. Dr Saif Abed, a former NHS doctor, suggested that more patient deaths related to data breaches may have occurred than have been publicly reported, highlighting the importance of a thorough safety incident investigation and a detailed review of contributing factors that led to patient harm.

A vulnerable healthcare system and patient safety

The National Health Service has long faced challenges related to outdated infrastructure and limited cybersecurity resources. Attackers like Qilin exploit these weaknesses, knowing that healthcare organisations may lack the resilience to respond quickly to digital threats.

In this case, recovery has been slow. Weeks after the initial breach, many services have still not returned to full capacity. The attack has not only affected patients but also placed enormous pressure on medical staff who are working without access to essential systems.

Strengthening digital defences

This incident demonstrates that cybersecurity must be treated as a healthcare priority. Hospitals and healthcare providers need robust incident response plans, updated software systems, and support from national cybersecurity authorities. A closer look at the top 5 cyber threats in healthcare illustrates how ransomware, phishing, and data breaches consistently endanger patient care. Recent real-world cases such as the ransomware attack on Mediclinic and the second data breach at McLaren Health Care highlight the critical need for stronger digital defences in the healthcare sector.

There is also a growing debate about the legal and ethical classification of such attacks. Some experts argue that ransomware attacks on hospitals should be treated as crimes against humanity, given their potential to cause widespread harm. Additionally, some cybercriminal groups justify their actions as a form of political protest or retaliation for the UK government's actions, framing these attacks as responses to government policies or international conflicts.

Conclusion

The Qilin ransomware attack against Synnovis and the resulting patient death mark a turning point for healthcare cybersecurity in the United Kingdom. They serve as a tragic reminder that digital threats can have deadly consequences. To protect both data and lives, there must be a stronger collective effort to secure critical infrastructure and hold cybercriminals accountable.

Author Sarah Krarup


Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
