A patient has died after a cyber attack crippled NHS pathology systems in London - marking the first confirmed UK death linked to a ransomware attack on the health service.
The devastating revelation comes nearly a year after hackers infiltrated Synnovis, the company providing blood testing services for major NHS hospitals in south-east London. The breach caused chaos across the capital, leading to cancelled operations, missed diagnoses, and thousands of disrupted patient appointments.
King’s College Hospital NHS Foundation Trust has now confirmed that one patient “sadly died unexpectedly” during the attack after a serious delay in receiving their blood test result.
“The patient safety incident investigation identified a number of contributing factors that led to the patient’s death,” said a spokesman. “This included a long wait for a blood test result as a result of the cyber-attack impacting pathology services at the time.”
The trust has met with the patient’s family and shared the findings of its investigation. It has declined to confirm the patient’s age or date of death, citing confidentiality.
The shocking development casts a harsh spotlight on the vulnerability of NHS systems to cyber threats - and the potential human cost.
The Synnovis attack in June 2024 that caused more than 1,000 NHS operations to be postponed - including cancer surgery - and left scores of hospital and GP care systems crippled for months. The capital also ran out of blood for transfusions as blood-matching services were inoperable.
With pathology labs offline, GPs described being unable to access test results as like “flying blind”, while clinicians were forced to make life-or-death decisions without crucial data.
A general view of staff on a NHS hospital ward | PABlood transfusions and compatibility checks were effectively suspended. For three months, hospitals could only use universal blood types, quickly draining supplies and triggering a nationwide appeal to replenish stocks.
A major harm review has been underway since the attack, examining the impact across acute hospitals, GP practices in six London boroughs, and two mental health trusts.
According to South East London Integrated Care Board, 120 cases of patient harm have so far been linked to the attack - though most are described as “low harm”. Eleven have been recorded as ‘moderate harm’ and two recorded as ‘major harm’ defined as: “long term or permanent impact on physical, mental or social function or shortening of life expectancy.”
However experts say the number of affected patients may be higher as it is difficult to identify links between a cyber incident and specific harms, which can arise months or years later.
A general view of staff on a NHS hospital ward | PASynnovis, which is jointly owned by King’s College Hospital and Guy’s and St Thomas’ Trusts (49 per cent), has faced mounting questions over its security failures.
Last year, it was revealed by HSJ that simple multi-factor authentication—the same process used in online banking—could have prevented the attack.
Synnovis has confirmed the breach cost the company £33 million, but has refused to say whether it paid a ransom to regain control of its systems.
“Given some sensitivities we are unable to comment at this time,” a spokesman said.
NHS
| PAThe Department of Health and Social Care has since issued an open letter urging all NHS suppliers to implement basic cyber protections, including multi-factor authentication, cloud security standards and robust password protocols.
Synnovis claims it is now working with a “taskforce of IT experts” to rebuild its infrastructure, roll out external penetration testing, and align with national cyber security standards.
Cybersecurity experts have long warned that the NHS remains dangerously exposed to ransomware and phishing attacks. With thousands of systems, suppliers, and outdated hardware, many hospitals are seen as soft targets for organised cyber gangs.
“This should serve as a wake-up call,” said one cybersecurity specialist. “We’ve been lucky so far. But this incident proves that lives are now at risk.”
NHS ward
| PADeryck Mitchelson, former Director of National Digital and Chief Information Security Officer for NHS National Services Scotland, and global chief information officer at Check Point Software said: "Let’s be clear: when over 1,100 cancer treatments are delayed, 2,000 outpatient appointments cancelled, and more than 1,000 operations postponed, the outcome isn’t just disruption, it’s patient harm.
"The death now confirmed is tragic, but it is not surprising. When systems that underpin diagnostics and treatment are brought down at scale, the consequences are not hypothetical. This is the real-world cost.
"The NHS is critically reliant on a complex network of suppliers and service providers. But that means we are only ever as secure as the weakest link in the chain. Cybersecurity must be embedded across every layer, from frontline services to digital infrastructure, as a core part of patient safety.
"And to those behind these attacks: this wasn’t a faceless act. It wasn’t just systems or data you targeted - it was care. It was people. One of them has now lost their life. That should weigh heavily.”
Mark Dollar, CEO, Synnovis said: “We are deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing factors that led to this patient’s death. Our hearts go out to the family involved.”