Blurred Walking Doctors in blank hall an office or medical institution hall room.

Synnovis alerts healthcare providers to data breach linked to 2024 ransomware attack

Synnovis has confirmed that patient data was stolen during the major ransomware attack that hit the organisation in June 2024. The pathology services provider is now notifying NHS organisations whose data was affected — more than a year after forensic teams began analysing the fragments of information taken. The update means that many patients across London may only now be learning that their personal medical details were caught up in the incident.

What we know about the data breach

Synnovis — an NHS pathology provider — confirmed that stolen data includes: 

  • NHS numbers 
  • Names and dates of birth 
  • Some clinical test information that can be linked to individual patients 

Because the data was “unstructured, incomplete and fragmented”, investigators say it took over a year to piece together what was taken. The company is now midway through contacting affected NHS organisations and expects this phase to be completed later this month.

  • King’s College Hospital 
  • Guy’s Hospital 
  • St Thomas’ Hospital 
  • Royal Brompton Hospital 
  • Evelina London Children’s Hospital 

Hundreds of operations and appointments were cancelled or postponed. Blood transfusion services were also affected, triggering shortages across the capital.  

For many, especially those with urgent medical needs, the emotional distress caused by the cancellation of critical procedures was overwhelming. The uncertainty and delays in receiving essential medical care heightened emotional and psychological stress, and patients who had critical surgeries or treatments scheduled were left in limbo. This breach affected not only their physical health, but also their mental well-being. 

Data allegedly stolen from Synnovis was later published online by the cybercriminal group Qilin, a ransomware-as-a-service operation linked to more than 300 attacks worldwide. Synnovis has confirmed that it did not pay a ransom, saying it would not financially support criminal activity targeting critical infrastructure. 

So, beyond the disruption of medical services, the exposed personal data may have left affected patients vulnerable to fraud, scams, and identity theft. 

What this means for patients

If your data was affected, you will hear from your NHS trust, not from Synnovis. Each organisation is carrying out its own assessment to determine which patients are impacted and how serious the risk may be. 

For many people, this will be the first time they discover their sensitive medical information has been compromised. If you want to find out more — including whether you could be due compensation — we’ll share everything you need to know.  

Find out more

Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.  

This information is for general guidance only and does not constitute legal or financial advice.

Found this helpful? Share it

Facebook
Twitter
WhatsApp
LinkedIn
Email

Or

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Employment, News

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • Health & Medical, News

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

How to claim compensation for flight delays or cancellations in the UK

Delayed 3+ hours or had a cancelled flight? You could claim up to £520 under...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 32 Eyre Street, Sheffield, England, S1 4QZ

© Join the Claim All Rights Reserved | 2025

Go to claims