Urgent warning as first Briton killed by cyber attack on NHS computers,
A patient died after a cyber attack caused dangerously long waits for blood test results, an NHS harm review has found.
The ransomware attack on pathology firm Synnovis saw more than a thousand operations cancelled as laboratories used by two major hospital trusts were unable to report results.
Following the breach last June, a harm review process has been taking place across affected NHS organisations.
This includes Guy’s and St Thomas’, King’s College and Lewisham and Greenwich hospitals, in London,; primary care across six London boroughs; and two mental health trusts.
This morning, a spokesperson for King’s College Hospital Foundation Trust told the Health Service Journal: ‘Sadly, one patient sadly died unexpectedly during the cyber-attack.
‘As is standard practice when this happens, we undertook a detailed review of their care.
‘The patient safety incident investigation identified a number of contributing factors that led to the patient’s death.
‘This included a long wait for a blood test result as a result of the cyber-attack impacting pathology services at the time.
‘We have met with the patient’s family, and shared the findings of the safety investigation with them.’
The trust said it could not confirm the date of the death or the person’s age, citing confidentiality.
South East London Integrated Care Board, which is collating the patient harm data, said last week that there were 170 cases linked to the attack, but most of them were classed as ‘low harm’.
At the time of the incident, GPs described not being able to access test results as like ‘flying blind’ and pathology networks in south west London and north central London were drafted in to try and cover some of the work Synnovis was unable to do.
For three months, GSTT and KCH were unable to do work that involved transfusions or blood matching and were forced to use universal blood types, depleting London stocks to the point where a national appeal had to be launched.
The HSJ revealed last year that the attack would have been prevented with the use of simple multi-factor authentication, familiar to most people from online banking and shopping.
Synnovis—which is 51 per cent owned by German pathology firm Synlab, with the minority stake controlled by KCH and GSTT—disclosed earlier this year that the total financial impact on the company had been £33m.
When asked last month if it had paid the ransom asked of it by the hackers, a spokesperson said: ‘Given some sensitivities we are unable to comment at this time.’
Last month the Department of Health and Social Care’s chief cyber security official Phil Huggins issued an open letter to suppliers working with the NHS urging them to implement multi-factor authentication and some other steps.
Synnovis previously said it was working with a taskforce of IT experts to improve standards and policies and conduct rigorous security testing.
Mark Dollar, chief executive of Synnovis, said: ‘We are deeply saddened to hear that last year’s criminal cyber attack has been identified as one of the contributing factors that led to this patient’s death.
‘Our hearts go out to the family involved.’
The company was hacked by Russia-linked cyber group Qilin, which later released 400GB of information it said it had stolen from its systems.
