Synnovis attack led to at least five cases of ‘moderate’ patient harm

  • 12 November 2024
Synnovis attack led to at least five cases of ‘moderate’ patient harm
St Thomas' Hospital (Credit: William Barton / Shutterstock.com)
  • The cyber attack on NHS pathology provider Synnovis caused 119 cases of patient harm, according to figures from South East London Integrated Care Board
  • Out of 498 incidents, 114 caused “low harm” and five cases at Guy's and St Thomas’ NHS Foundation Trust caused "moderate harm"
  • There are 91 patient safety events related to the incident still under review

The cyber attack on NHS pathology provider Synnovis caused at least 119 incidents of patient harm, including at least five cases of “moderate” harm, according to figures provided by South East London Integrated Care Board (ICB).

Healthcare services in London were disrupted by the attack in June 2024, with an NHS London update on 4 October showing that 10,152 acute outpatient appointments and 1,710 elective procedures were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS FT.

South East London ICB told Digital Health News that of 498 patient safety incidents linked to the attack, 114 were deemed to have caused “low harm” and five at Guy’s and St Thomas’ caused “moderate” harm.

There are also 91 related patient safety incidents being reviewed – 67 at King’s College Hospital and 24 at South London and Maudsley NHS Foundation Trust.

Helen Hughes, chief executive of Patient Safety Learning, told Digital Health News: “In addition to these recorded cases of harm, this incident may have resulted in further patient harm that is more difficult to capture.

“Disruption caused by cyber attacks often results in significant delays to care and treatment, with longer waits having a particularly serious impact on patients with chronic conditions and worsening health.

“The impact of these delays will only be seen over time.”

NHS policy on patient safety events and levels of harm defines moderate harm as where a patient “did not need immediate life-saving intervention” but needed or will likely require follow-up care.

It is also deemed moderate harm if a patient’s independence is limited for less than six months or has affected the success of treatment “but without meeting the criteria for reduced life expectancy or accelerated disability”.

An incident is defined as low harm when a patient requires extra observation or minor treatment but does not need further healthcare beyond a single GP, community healthcare professional, emergency department or clinic visit or require further treatment beyond dressing changes or short courses of oral medication.

A low harm incident must not have affected a patient’s independence or the success of treatment for existing health conditions.

Figures from South East London ICB show that there were 155 cases of no harm at Guy’s and St Thomas’, 51 low harm and five moderate.

At King’s College Hospital, there were 109 cases of no harm and 61 low harm.

Lewisham and Greenwich NHS Trust reported four cases of no harm and two low harm, and Oxleas NHS Foundation Trust had eight incidents of no harm.

In primary care, 29 reported incidents were recorded as low or no harm in a single grouping.

South East London ICB said that data on patient harm is collected on a quarterly basis, with the next batch of figures expected in early 2025.

A spokesperson for Synnovis told Digital Health News: “We do continuously invest in the security of our IT estate and processes as well as the awareness of employees to protect our infrastructure and data.”

Guy’s and St Thomas’ NHS FT, King’s College Hospital NHS FT and NHS London declined comment.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Data published online following data breach at Alder Hey

Data published online following data breach at Alder Hey

A major data breach of Alder Hey Children’s NHS FT's online systems has seen private information published online and shared via social media.
Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.
Airedale NHS FT postpones Oracle EPR go-live indefinitely

Airedale NHS FT postpones Oracle EPR go-live indefinitely

Airedale NHS Foundation Trust has postponed the go-live of its Oracle Health electronic patient record (EPR) system for a second time.

Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.