What happened
Synnovis, a UK-based pathology services provider, has confirmed a data breach resulting from the ransomware attack that hit the company in June 2024. The breach exposed sensitive patient and employee data, including personal identifiers and limited medical information, following the incident that disrupted diagnostic services across several London hospitals.
Who is affected
The breach affects patients, hospital staff, and other individuals whose data was stored in Synnovis systems. The company has notified impacted NHS partners and is working with authorities to assess the full extent of the exposure.
Why CISOs should care
The Synnovis case highlights the continuing risks posed by ransomware in healthcare and critical service supply chains. Even months after containment, data exfiltration and delayed breach disclosures can extend the impact of an attack, damaging trust and undermining regulatory compliance.
3 practical actions
- Review third-party data handling agreements to ensure service providers meet your organization’s security standards.
- Implement continuous monitoring for anomalous data transfers and ransomware indicators across connected systems.
- Establish clear post-incident disclosure protocols to manage regulatory obligations and maintain transparency.
