Qilin ransomware attack on NHS supplier contributed to patient fatality
(2025/06/26)
- Reference: 1750935729
- News link: https://www.theregister.co.uk/2025/06/26/qilin_ransomware_nhs_death/
- Source link:
The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.
King's College Hospital NHS Trust, one of the many trusts affected by Qilin's attack, confirmed the news on Wednesday.
An NHS spokesperson told The Register : "One patient sadly died unexpectedly during the cyberattack. As is standard practice when this happens, we undertook a detailed review of their care.
[1]
"The patient safety incident investigation identified a number of contributing factors that led to the patient's death. This included a long wait for a blood test result due to the cyberattack impacting pathology services at the time.
[2]
[3]
"We have met with the patient's family, and shared the findings of the safety investigation with them."
[4]News of the patient's death broke yesterday, and follows figures from the South East London Integrated Care Board last week revealing that 170 patients suffered harm as a result of the ransomware attack, although most were categorized as "low harm."
[5]
Several NHS trusts around London were affected by the attack on Synnovis. The resulting disruption to services led to thousands of appointments and procedures being cancelled, and as The Register [6]exclusively reported , tales of patient harm soon emerged.
Speaking on the confirmed death, Mark Dollar, CEO at Synnovis, said: "We are deeply saddened to hear that last year's criminal cyberattack has been identified as one of the contributing factors that led to this patient's death. Our hearts go out to the family involved."
According to an [7]analysis by cybersecurity experts at the Royal United Services Institute (RUSI), the majority of the other potential links between ransomware attacks and deaths have been contentious.
[8]
One of the more talked-about cases came in 2020 when a DoppelPaymer attack on a hospital in Düsseldorf [9]prompted a negligent homicide investigation in what was then a world-first ransomware death case.
A 78-year-old woman died of an aortic aneurysm after having to travel to a more distant hospital when the one closest to her, Düsseldorf University Clinic, was managing an attack.
[10]Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations
[11]Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door
[12]Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility
[13]Cyberattack on NHS causes hospitals to miss cancer care targets
The hour-long delay to her critical treatment due to the diversion was suspected to have caused her death, although prosecutors concluded there were insufficient grounds to charge the clinic over the incident.
One 2023 paper by researchers at the University of Minnesota's School of Public Health claimed that from 2016 to 2021, between 42 and 67 US Medicare patients may have died as a result of ransomware.
The findings have not been published by a peer-reviewed journal, however, and others have questioned the statistical significance of the data that informed the conclusions.
Since the attack on Synnovis last year, other NHS trusts and healthcare facilities were put in the firing line.
A cyberattack on Wirral University Teaching Hospitals (WUTH) NHS Trust in North West England led to cancer care targets being missed across several facilities it oversees, [14]a February report revealed .
The nature of the attack remains unclear, but it was one of many cyberattacks on UK healthcare organizations in 2024.
Days after the hit on the WUTH Trust, INC Ransom claimed responsibility for an [15]attack on Alder Hey , one of England's top children's hospitals.
Qilin continues to attack all kinds of organizations, including those in the healthcare space. In March, it claimed responsibility for attacks on a [16]cancer clinic in Japan and a women's healthcare facility in the US , cementing its [17]"no regrets" attitude to targeting critical services. ®
Get our [18]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.hsj.co.uk/patient-safety/exclusive-first-nhs-cyber-attack-death-confirmed/7039557.article
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2024/07/05/qilin_impacts_patient/
[7] https://www.rusi.org/explore-our-research/publications/commentary/ransomware-life-and-death-form-cybercrime
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2020/09/23/doppelpaymer_german_hospital_ransomware/
[10] https://www.theregister.com/2025/06/20/qilin_ransomware_top_dogs_treat/
[11] https://www.theregister.com/2025/03/06/rural_hospitals_cybersecurity/
[12] https://www.theregister.com/2025/03/05/qilin_ransomware_credit/
[13] https://www.theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[14] http://theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[15] https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital/
[16] https://www.theregister.com/2025/03/05/qilin_ransomware_credit/
[17] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[18] https://whitepapers.theregister.com/
King's College Hospital NHS Trust, one of the many trusts affected by Qilin's attack, confirmed the news on Wednesday.
An NHS spokesperson told The Register : "One patient sadly died unexpectedly during the cyberattack. As is standard practice when this happens, we undertook a detailed review of their care.
[1]
"The patient safety incident investigation identified a number of contributing factors that led to the patient's death. This included a long wait for a blood test result due to the cyberattack impacting pathology services at the time.
[2]
[3]
"We have met with the patient's family, and shared the findings of the safety investigation with them."
[4]News of the patient's death broke yesterday, and follows figures from the South East London Integrated Care Board last week revealing that 170 patients suffered harm as a result of the ransomware attack, although most were categorized as "low harm."
[5]
Several NHS trusts around London were affected by the attack on Synnovis. The resulting disruption to services led to thousands of appointments and procedures being cancelled, and as The Register [6]exclusively reported , tales of patient harm soon emerged.
Speaking on the confirmed death, Mark Dollar, CEO at Synnovis, said: "We are deeply saddened to hear that last year's criminal cyberattack has been identified as one of the contributing factors that led to this patient's death. Our hearts go out to the family involved."
According to an [7]analysis by cybersecurity experts at the Royal United Services Institute (RUSI), the majority of the other potential links between ransomware attacks and deaths have been contentious.
[8]
One of the more talked-about cases came in 2020 when a DoppelPaymer attack on a hospital in Düsseldorf [9]prompted a negligent homicide investigation in what was then a world-first ransomware death case.
A 78-year-old woman died of an aortic aneurysm after having to travel to a more distant hospital when the one closest to her, Düsseldorf University Clinic, was managing an attack.
[10]Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations
[11]Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door
[12]Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility
[13]Cyberattack on NHS causes hospitals to miss cancer care targets
The hour-long delay to her critical treatment due to the diversion was suspected to have caused her death, although prosecutors concluded there were insufficient grounds to charge the clinic over the incident.
One 2023 paper by researchers at the University of Minnesota's School of Public Health claimed that from 2016 to 2021, between 42 and 67 US Medicare patients may have died as a result of ransomware.
The findings have not been published by a peer-reviewed journal, however, and others have questioned the statistical significance of the data that informed the conclusions.
Since the attack on Synnovis last year, other NHS trusts and healthcare facilities were put in the firing line.
A cyberattack on Wirral University Teaching Hospitals (WUTH) NHS Trust in North West England led to cancer care targets being missed across several facilities it oversees, [14]a February report revealed .
The nature of the attack remains unclear, but it was one of many cyberattacks on UK healthcare organizations in 2024.
Days after the hit on the WUTH Trust, INC Ransom claimed responsibility for an [15]attack on Alder Hey , one of England's top children's hospitals.
Qilin continues to attack all kinds of organizations, including those in the healthcare space. In March, it claimed responsibility for attacks on a [16]cancer clinic in Japan and a women's healthcare facility in the US , cementing its [17]"no regrets" attitude to targeting critical services. ®
Get our [18]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.hsj.co.uk/patient-safety/exclusive-first-nhs-cyber-attack-death-confirmed/7039557.article
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2024/07/05/qilin_impacts_patient/
[7] https://www.rusi.org/explore-our-research/publications/commentary/ransomware-life-and-death-form-cybercrime
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umRBCeO-dBT7NU2j94AAAAQ8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2020/09/23/doppelpaymer_german_hospital_ransomware/
[10] https://www.theregister.com/2025/06/20/qilin_ransomware_top_dogs_treat/
[11] https://www.theregister.com/2025/03/06/rural_hospitals_cybersecurity/
[12] https://www.theregister.com/2025/03/05/qilin_ransomware_credit/
[13] https://www.theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[14] http://theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[15] https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital/
[16] https://www.theregister.com/2025/03/05/qilin_ransomware_credit/
[17] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[18] https://whitepapers.theregister.com/
Rot
elsergiovolador
While ransomware gangs are rightly blamed, it’s a bit like blaming the rain for getting wet - instead of asking why no one brought an umbrella. The deeper rot goes unexamined: health systems treated as cost-cutting puzzles, where digital resilience is an afterthought. Cybersecurity isn’t just about protecting data anymore - it’s about whether someone lives or dies while waiting for test results or urgent care.
Critical services run on legacy systems, brittle integrations, and vendors selected more for cost than reliability. Ministers talk up “digital transformation” while treating the domestic tech workforce with open disregard.
Stagnant wages, chaotic tax policy, and zero incentive to work in the public sector have created a vacuum. There’s no queue of skilled engineers lining up to secure NHS infrastructure when better pay and conditions await elsewhere.
And when the inevitable happens? No names. No resignations. No transparency. Just another wave of glossy AI brochures and vague assurances that “lessons will be learned.”
Until critical infrastructure is funded, staffed, and built with resilience - not outsourced in the name of “efficiency” - these quiet tragedies will continue. Buried in euphemism, in a system too fragmented to protect the people it’s meant to serve.
Apportioning Blame
Yes, bad ransomware people.
Bad hospital executives, too? Could this attack have been thwarted or mitigated by proper IT systems, staff training, and failover systems (possibly manual)?
A "Magic computer box not work, we give up, send everyone home" attitude is inexcusable for a hospital.