Synnovis's 18-month forensic review of Qilin intrusion completed, now affected patients to be notified

Synnovis has finally wrapped up its investigation into the 2024 ransomware attack that crippled pathology services across London, ending an 18-month effort to untangle what the NHS supplier describes as one of the most complex data reconstruction jobs it has ever faced.

The attack, claimed at the time by the Qilin ransomware gang, forced the cancellation of thousands of appointments and operations after the pathology provider's systems went dark in June 2024. Synnovis has now confirmed that its forensic review is complete, but the company still isn't saying how many people were affected.

Security firm CaseMatrix previously estimated that data relating to more than 900,000 NHS patients was leaked, according to Recorded Future, though Synnovis has neither corroborated nor disputed that figure.

Notably, in June 2025, King's College Hospital NHS Trust confirmed that the disruption caused by Synnovis's supplier breach contributed to the death of ...