Synnovis Ransomware Attack Data Breach Notification Delayed Over a Year

First reported

13.11.2025 11:30

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Synnovis, an NHS pathology provider, has begun notifying clients about the extent of data stolen in a June 2024 ransomware attack by a Qilin affiliate. The attack led to blood supply shortages, cancellation of thousands of medical appointments, and at least one fatality. The breach affected approximately one million patients, with data including patient names, NHS numbers, and blood test descriptions. The notification process, delayed due to the complexity of the investigation, is expected to be completed by November 21, 2025. Experts have criticized the 17-month delay, citing poor data management and inadequate incident response.

Timeline

13.11.2025 11:30 1 articles · 23h ago

Synnovis Begins Notifying Clients of 2024 Ransomware Data Breach
Synnovis has started notifying clients about the extent of data stolen in a June 2024 ransomware attack. The breach affected approximately one million patients, and the notification process is expected to be completed by November 21, 2025. Experts have criticized the 17-month delay, citing poor data management and inadequate incident response.
Show sources

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
Open in new tab

Information Snippets

Synnovis was hit by ransomware in June 2024, leading to significant disruptions in healthcare services.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
The attack was perpetrated by a Qilin affiliate, resulting in the exfiltration of 400GB of data.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
The stolen data included patient names, NHS numbers, and descriptions of blood tests.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
Synnovis refused to pay the ransom, leading to the presumption that the data was sold on the cybercrime underground.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
The breach affected approximately one million patients.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
The notification process began in November 2025 and is expected to be completed by November 21, 2025.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30
Experts have criticized the 17-month delay in notification, citing poor data management and inadequate incident response.
First reported: 13.11.2025 11:30

1 source, 1 article
Show sources
- Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack — www.infosecurity-magazine.com — 13.11.2025 11:30

Summary

Timeline

Synnovis Begins Notifying Clients of 2024 Ransomware Data Breach

Information Snippets