Three years after the Synnovis cyberattack, blood tests could be carried out again by general practitioners

As the British health system NHS London confirmed, blood testing services of general practitioners across south-east London have been restored following the cyberattack on Synnovis.

The June 2024 ransomware attack caused disruption to pathology services in Southwark, Lambeth and Bromley, with thousands of operations and procedures postponed.

In an update on 19 September 2024, Jane Fryer, medical director of NHS London, said: “Testing services have resumed for GPs in all boroughs of south-east London and we are working hard to fully restore blood transfusion services in the next few weeks.”

She added that currently “consistently few appointments and treatments are being cancelled or postponed”.

“Thanks to mutual aid arrangements, we have been able to maintain planned surgeries and transplants for our patients across south-east London,” Fryer said.

Although most of Synnovis' services for general practitioners and hospitals are now operating at full capacity, some manual processes remain while Synnovis restores the IT systems that provide the electronic connection between laboratories and their service users.

Mark Dollar, CEO of Synnovis, said GP users had been given “regained access to the full repertoire of medical diagnostic services”.

“I am pleased to report that these final handovers have gone smoothly and that GP services continue to operate efficiently and effectively in our new central laboratory.

“The majority of hospital services are now running as they did before the cyberattack, although some of our processes are still performed manually while we rebuild the digital interfaces,” Dollar said.

He added that plans were underway to restart the programme to transform pathology services for patients across south-east London, which was paused in June immediately after the cyberattack.

“We continue to make good and steady progress in implementing our recovery plan and I would like to once again thank patients, doctors and other service users for their understanding, support and patience,” Said Dollar.

Data for the fifteenth week after the attack (9-15 September 2024) shows that in the two most affected trusts, King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust, six acute outpatient appointments and one planned procedure had to be postponed due to the attack.

This means that to date, 10,146 acute outpatient appointments and 1,705 planned procedures have been postponed across both trusts.

Meanwhile, NHS England and the National Data Guardian have announced an updated cyber resilience framework for health and social care organisations, which will come into force on 2 September 2024.

As part of this change, the NHS Data Security and Protection Toolkit will gradually transition from using the NDG's ten data security standards to using the National Cyber ​​Security Centre's Cyber ​​Assessment Framework (CAF) as the underlying assessment mechanism.

Prime Minister Keir Starmer's plan to introduce a new Cybersecurity and Resilience Bill that would extend regulation to more digital services and supply chains was announced in the King's Speech on 17 July 2024.