The impact of a cyber attack on NHS hospitals in London that has seen operations cancelled and delayed blood transfusions is set to last for weeks.
A critical incident was declared on Tuesday at Guy’s and St Thomas’ and Kings College hospitals, which cancelled operations.
Staff were unable to access an IT system needed for blood transfusions.
The IT hack is affecting the systems used at the Royal Brompton, heart and lung specialist Harefield Hospital, Guy’s, St Thomas’ & King’s College hospitals.
Royal Brompton and Harefield hospitals have been forced to cancel all transplant surgeries. Nearby hospitals in London are accepting extra patients.
GP surgeries in the London boroughs of Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth are also affected.
And the impact of the hack could last for “weeks, rather than days”, according to Ben Clover, bureau chief at the Health Service Journal, an industry publication.
He told LBC: “This is one of the things that is so disturbing to my contacts in the NHS is that you can have IT failures within a hospital [and] they usually get fixed fairly quickly.”
“People are expecting this to take weeks, rather than days, so it’s a really, really worrying time.”
The cyber attack affected IT system run by private company Synnovis, which apologised for the incident.
Roy Lilley, a health service analyst, said: “This system is responsible for not only the distribution of blood and blood products, but also pathology.
“Pathology is where you go when you need blood tests and all the other tests done, urine and so on, and in a modern hospital you can’t move really without pathology tests.”
Earlier, the CEO of Guy’s and St Thomas’ wrote to stage saying there was a ‘critical incident’ affected pathology services.
“This is having a major impact on the delivery of our services, with blood transfusions being particularly affected.
In a statement Mark Dollar, Synnovis CEO, said: “On Monday June 3, Synnovis – a partnership between two London-based hospital Trusts and SYNLAB – was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.
“It is still early days and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users.
“Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised. We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments.
“We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.
“The incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Centre and the Cyber Operations Team. We will share further updates as we know more, but regret that we are unable to respond to individual queries from the media at this time – thank you for your understanding.”
“Some activity has already been cancelled or redirected to other providers at short notice as we prioritise the clinical work that we are able to safely carry out.”
Clinical staff were told that “our pathology partner Synnovis experienced a major IT incident earlier today.”
The husband of a patient asked yesterday: “My wife has a phlebotomy appointment at 7.40am for gestational diabetes checks amongst other things.
“She received a text at 7pm this evening saying phlebotomy services are cancelled until further notice. What can she do? Is the appt still taking place? Really poor comms.”
A spokesman for King’s College Hospital in London confirmed it was affected by the cyber attack.
The incident is thought to have occurred on Monday, meaning some departments could not connect to their main server. In a letter to staff, King’s said the “major IT incident” was having a major impact on the delivery of services, with blood transfusions particularly affected.
Some procedures have been cancelled or redirected to other NHS providers, it said.