The Register

Qilin ransomware attack on NHS supplier contributed to patient fatality

The NHS says Qilin’s ransomware attack on pathology services provider Synnovis last year led to the death of a patient.

King’s College Hospital NHS Trust, one of the many trusts affected by Qilin’s attack, confirmed the news on Wednesday.

An NHS spokesperson told The Register: “One patient sadly died unexpectedly during the cyberattack. As is standard practice when this happens, we undertook a detailed review of their care.

“The patient safety incident investigation identified a number of contributing factors that led to the patient’s death. This included a long wait for a blood test result due to the cyberattack impacting pathology services at the time.

“We have met with the patient’s family, and shared the findings of the safety investigation with them.”

News of the patient’s death broke yesterday, and follows figures from the South East London Integrated Care Board last week revealing that 170 patients suffered harm as a result of the ransomware attack, although most were categorized as “low harm.”

Several NHS trusts around London were affected by the attack on Synnovis. The resulting disruption to services led to thousands of appointments and procedures being cancelled, and as The Register exclusively reported, tales of patient harm soon emerged.

Speaking on the confirmed death, Mark Dollar, CEO at Synnovis, said: “We are deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing factors that led to this patient’s death. Our hearts go out to the family involved.”

According to an analysis by cybersecurity experts at the Royal United Services Institute (RUSI), the majority of the other potential links between ransomware attacks and deaths have been contentious.

One of the more talked-about cases came in 2020 when a DoppelPaymer attack on a hospital in Düsseldorf prompted a negligent homicide investigation in what was then a world-first ransomware death case.

A 78-year-old woman died of an aortic aneurysm after having to travel to a more distant hospital when the one closest to her, Düsseldorf University Clinic, was managing an attack.

The hour-long delay to her critical treatment due to the diversion was suspected to have caused her death, although prosecutors concluded there were insufficient grounds to charge the clinic over the incident.

One 2023 paper by researchers at the University of Minnesota’s School of Public Health claimed that from 2016 to 2021, between 42 and 67 US Medicare patients may have died as a result of ransomware.

The findings have not been published by a peer-reviewed journal, however, and others have questioned the statistical significance of the data that informed the conclusions.

Since the attack on Synnovis last year, other NHS trusts and healthcare facilities have been put in the firing line.

A cyberattack on Wirral University Teaching Hospitals (WUTH) NHS Trust in North West England led to cancer care targets being missed across several facilities it oversees, a February report revealed.

The nature of the attack remains unclear, but it was one of many cyberattacks on UK healthcare organizations in 2024.

Days after the hit on the WUTH Trust, INC Ransom claimed responsibility for an attack on Alder Hey, one of England’s top children’s hospitals.

Qilin continues to attack all kinds of organizations, including those in the healthcare space. In March, it claimed responsibility for attacks on a cancer clinic in Japan and a women’s healthcare facility in the US, cementing its “no regrets” attitude to targeting critical services. ®
