As first reported by The Record by Recorded Future News, newly obtained government data reveals that two cyber attacks targeting the NHS in 2023 posed risks of clinical harm to over 50 patients. While no deaths were recorded, the incidents highlight the increasing danger posed by financially motivated cybercriminals to healthcare operations and patient outcomes. One of the likely incidents was the ransomware attack on Synnovis, which severely disrupted pathology services across several London hospitals, delaying surgeries and essential care.
Source: synnovis.co.uk.
Another reported case involved Wirral University Teaching Hospital NHS Foundation Trust, where cancer treatments were delayed due to system outages. These disruptions, categorized under the third-highest severity level of the UK’s Network and Information Systems (NIS) Regulations, show that critical service interruptions can have a direct impact on patient safety—even if they fall short of resulting in fatalities.
Systemic Risks and Calls for Reform
The Health Services Safety Investigations Body (HSSIB) has warned that cyberattacks disrupting Electronic Patient Records (EPRs) and diagnostics pose serious risks to patient safety and add strain to overstretched healthcare staff. In response, the UK government plans to introduce the Cyber Security and Resilience Bill to expand regulations to critical suppliers like software vendors. NHS leaders are also pushing for stronger defenses against ransomware, with officials stressing that cybersecurity is now essential to protecting both healthcare systems and patient lives.
