A ransomware attack that crippled NHS pathology systems last year has now been linked to the death of a patient at King’s College Hospital in London. The attack, which hit Synnovis, a major diagnostics provider for NHS trusts across southeast London, caused widespread disruption to blood tests and diagnostics from 3 June 2024 onward.

King’s College Hospital NHS Foundation Trust confirmed the patient died on the same day the cyberattack began, and that a delay in blood test results caused by the outage was a contributing factor. The case is now considered one of the first publicly acknowledged deaths in the UK directly linked to a cyberattack on healthcare infrastructure.

The broader impact was severe. More than 10,000 appointments and procedures were disrupted. NHS England recorded 170 incidents of patient harm as a result of the attack, most classified as low or moderate, but two, including the fatality, marked as severe. Synnovis, which serves hospitals including King’s and Guy’s & St Thomas’, had to revert to manual processes for weeks, creating major backlogs across services.

The attackers, believed to be the Qilin ransomware group, demanded a $50 million ransom and later published over 400GB of stolen data, including confidential patient information. Financially, Synnovis reported losses of over £32 million, far exceeding its previous year’s profit.

Digital health experts say this case could mark a turning point. Dr Saif Abed, who advises on cyber risk in healthcare, warned the attack may have caused more unreported harm and called for an independent inquiry into NHS cybersecurity and contingency planning.

What started as an IT failure quickly escalated into a clinical emergency. The patient’s death at King’s underscores a sobering reality: when digital systems fail in healthcare, the consequences can be fatal.