Tragic death linked to Qilin ransomware attack disrupts NHS pathology services in London

A tragic death in London has been officially linked to a cyberattack orchestrated by the Qilin ransomware group, which targeted Synnovis, a key pathology service provider for the NHS. The attack in June 2024 severely disrupted diagnostic services across several major hospitals in southeast London, including King’s College Hospital, Guy’s and St Thomas’, and Lewisham and Greenwich hospitals. This disruption delayed critical blood test results, contributing to the death of a patient at King’s College Hospital, marking one of the first confirmed fatalities in the UK attributed to a cyberattack on healthcare systems.

King’s College Hospital NHS Foundation Trust confirmed that a detailed review found multiple factors contributed to the patient’s death, with prolonged waits for blood test results during the incident being a significant cause. Synnovis’ CEO, Mark Dollar, expressed deep sadness over the outcome and extended sympathies to the family affected. Government officials and cybersecurity experts have highlighted the profound risks these cyberattacks pose to patient safety, with calls for independent inquiries into NHS digital security to uncover possible unreported consequences.

The attack, attributed to the Russian-speaking Qilin gang, inflicted widespread chaos over London’s healthcare network. It halted blood testing services across NHS trusts and GP practices, delaying or cancelling thousands of outpatient appointments and over 1,700 operations. Cancer treatments were also affected, with reports indicating about 1,100 treatments postponed. The disruption extended to blood transfusion services, forcing hospitals to use universal O-type blood, exacerbating a national shortage of O-type supplies. Nearly 600 patient safety incidents were logged in connection with the cyberattack, with at least two classified as severe, involving life-threatening delays or permanent harm.

Beyond operational disruption, the attackers stole and publicly released nearly 400GB of sensitive patient data on darknet platforms and messaging apps. The leaked information included personal details such as patient names, dates of birth, NHS numbers, financial arrangements between hospitals and Synnovis, and descriptions of blood tests. This represents one of the largest data breaches the NHS has faced in recent years. The National Crime Agency and National Cyber Security Centre are involved in ongoing investigations to verify the authenticity and extent of the leaked data.

The financial impact on Synnovis has been catastrophic. The cost of managing the attack and its aftermath is estimated at over £32 million, seven times higher than the company’s prior annual profits. Synnovis is a public-private partnership between the pathology firm Synlab and the hospital trusts affected and is gradually progressing through a phased recovery plan. The incident may also result in regulatory penalties from data protection authorities.

This UK incident is reminiscent of previous fatal cyberattacks on healthcare facilities internationally. Notably, a 2020 ransomware attack on the University Hospital Düsseldorf in Germany similarly caused system failures that led to the death of an emergency patient, emphasising the grave human consequences of healthcare cyber vulnerabilities. Investigators in that case found the attackers had targeted the wrong institution and provided a decryption key upon learning their mistake, underlining how lapses in cybersecurity can have irreversible effects on patient outcomes.

The Qilin ransomware gang is known for leasing its malware to affiliates and targeting critical, high-stakes sectors such as healthcare. Their operations are believed to be based in regions beyond the reach of Western law enforcement, complicating efforts to bring perpetrators to justice. The NHS and its partners face growing challenges in securing increasingly digitalised health infrastructure, where reliance on private providers and interconnected systems heightens exposure to cyber threats. Experts warn that without robust, timely cybersecurity measures, patient safety will continue to be jeopardised by such attacks.

In sum, the Qilin ransomware attack has exposed critical vulnerabilities within the NHS pathology services, with devastating effects on patient care and safety. The tragic death linked to this incident marks a somber milestone in the evolving threat posed by cybercrime to healthcare, underscoring urgent calls for enhanced security protocols and more thorough investigations to prevent further loss of life.

📌 Reference Map:

• Paragraph 1 – ^[1], ^[3], ^[2]
• Paragraph 2 – ^[1], ^[2], ^[3]
• Paragraph 3 – ^[1], ^[4], ^[2]
• Paragraph 4 – ^[1], ^[6], ^[7]
• Paragraph 5 – ^[5], ^[1]
• Paragraph 6 – ^[1], ^[7], ^[3]
• Paragraph 7 – ^[4], ^[7], ^[2]
• Paragraph 8 – ^[1], ^[2], ^[3], ^[4]

Source: Noah Wire Services

Noah Fact Check Pro

The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.

Freshness check

Score:
8

Notes:
The narrative is based on a press release from Hackread.com dated June 28, 2025, reporting on a patient death linked to a cyberattack by the Qilin ransomware group on Synnovis, a pathology service provider for the NHS. The earliest known publication date of substantially similar content is June 26, 2025, with reports from Reuters and the Financial Times confirming the incident. The narrative includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. The report has been republished across various platforms, including low-quality sites and clickbait networks, which raises concerns about the originality and potential for disinformation. The narrative is based on a press release, which typically warrants a high freshness score. However, the presence of recycled content and republishing across low-quality sites suggests a need for caution.

Quotes check

Score:
7

Notes:
The narrative includes direct quotes from Synnovis’ CEO, Mark Dollar, expressing deep sadness over the patient’s death. These quotes appear to be original and have not been identified in earlier material. However, the lack of online matches for these quotes raises the possibility of original or exclusive content. The wording of the quotes varies slightly from other reports, indicating potential originality.

Source reliability

Score:
6

Notes:
The narrative originates from Hackread.com, which is not a widely recognized or reputable news outlet. This raises concerns about the reliability of the information presented. The report includes references to other reputable sources, such as Reuters and the Financial Times, which adds some credibility. However, the overall reliability is compromised due to the primary source’s lack of established reputation.

Plausability check

Score:
9

Notes:
The narrative aligns with reports from reputable sources, including Reuters and the Financial Times, confirming the cyberattack and its impact on NHS services. The details about the patient death and the involvement of the Qilin ransomware group are consistent with other reports. The language and tone are consistent with typical reporting on such incidents, and the structure focuses on the key facts without excessive or off-topic detail. There are no significant inconsistencies or implausible claims in the narrative.

Overall assessment

Verdict (FAIL, OPEN, PASS): FAIL

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary:
The narrative presents a plausible account of the Qilin ransomware attack on the NHS, corroborated by reputable sources. However, the reliance on a press release from a low-reputation outlet, the recycling of older material, and the republishing across low-quality sites raise significant concerns about the freshness, originality, and potential for disinformation. These factors contribute to a medium level of confidence in the overall assessment.