NHS Patient Data Breach Mounts After Synnovis Cyberattack
A growing number of NHS patients are affected by a ransomware attack on Synnovis. Mid and South Essex NHS Foundation Trust reported 2,380 patient records compromised, adding to thousands already disclosed by other trusts. The full impact and timeline of the breach remain under investigation, highlighting the ongoing repercussions of the cyberattack.
Key points
- Mid and South Essex NHS Foundation Trust confirmed 2,380 patient records were compromised in the Synnovis ransomware attack.
- This adds to previously disclosed breaches, with Bedfordshire Hospitals NHS Foundation Trust reporting almost 33,000 affected records.
- Some compromised data cannot yet be linked to specific patients, making the final tally uncertain.
- The precise time period of the stolen records is also unconfirmed, though patients tested after June 3, 2024, were not affected.
- Synnovis completed its forensic review by late summer, notifying affected organizations by November, but some trusts were informed much later.
The fallout from a ransomware attack on healthcare data firm Synnovis continues to expand, with the Mid and South Essex NHS Foundation Trust announcing it was also a victim. The trust confirmed that approximately 2,380 patient records, primarily related to specialist diagnostic testing, were compromised.
This latest disclosure follows similar revelations from other NHS trusts, including Bedfordshire Hospitals NHS Foundation Trust, which earlier reported nearly 33,000 patient records were affected by the same breach. The ongoing nature of these revelations underscores the significant and protracted impact of the cyberattack on patient data security within the UK's National Health Service.
Authorities are still working to ascertain the full scope of the breach. Mid and South Essex NHS Trust stated that some of the stolen data is not yet directly attributable to individual patients, leaving the final count undetermined. Furthermore, the exact timeframe covered by the compromised records remains unclear, although the trust emphasized that patients tested after the attack date of June 3, 2024, are not impacted. Synnovis reportedly concluded its forensic investigation by the end of last summer and had notified relevant organizations by November, but some trusts received this information significantly later, causing delays in public disclosure and patient notification.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.