We often talk about cyber attacks in terms of the day they happen. The Synnovis case is a stark reminder that the disruption can last for years — and that recovery is rarely as quick as anyone hopes.
What happened
As reported by Recorded Future News, the June 2024 ransomware attack on Synnovis — a pathology services provider for South East London — was still disrupting NHS care more than 18 months later. The attack, attributed to the Qilin group, severely impaired blood testing, forced cancelled operations and delayed treatment, and involved the theft of sensitive patient data. Reporting indicated that information relating to close to a million patients may have been exposed. Well over a year on, at least one trust was still operating without fully restored systems, relying on manual processes and managing large backlogs of delayed results. One hospital recorded a patient death in which the attack was considered a contributing factor.
Why it matters to you
Two lessons stand out. First, a supplier's breach can cascade into severe, long-lasting harm for the organisations and people who depend on it — the supply-chain theme again. Second, "recovery" is not a switch you flip; rebuilding systems and clearing backlogs can take many months, during which you're running on workarounds.
What to do
- Plan for a long outage, not just a bad afternoon — can you operate manually for weeks if needed?
- Keep offline, tested backups so you can rebuild on your own terms.
- Map your critical suppliers and understand what happens if one is down for an extended period.
- Rehearse your continuity plan so the workarounds are known before you need them.
Note: dates around this ongoing story may be refined as further reporting emerges.
Want to understand your own supplier and cyber risk? Get in touch and we'll help you make sense of it.