NHS patient data breaches expose records and deepen harm to attack victims
Nottingham University Hospitals NHS Trust apologized after a public inquiry found survivors of the 2023 Nottingham attacks were not properly included when the trust investigated unauthorized access to their medical records. The inquiry said staff inappropriately viewed victims’ records without authorization, and a 2025 internal investigation uncovered broader misuse of sensitive patient information. The trust said its response initially focused too narrowly on bereaved families, while disciplinary action resulted in 11 employees being dismissed and several others receiving written warnings for serious data protection violations.
Separately, the fallout from the 2024 Synnovis ransomware attack linked to the Qilin gang continues to widen across the NHS, with Mid and South Essex NHS Foundation Trust confirming about 2,380 specialist diagnostic testing records were affected after Bedfordshire Hospitals NHS Foundation Trust disclosed nearly 33,000 impacted records. The attack disrupted pathology services across south east London, causing canceled appointments, delayed operations, and blood testing and transfusion problems, while stolen patient data was later published online after extortion failed. NHS organizations are still identifying affected patients, and King’s College Hospital NHS Foundation Trust has said service delays caused by the outage contributed to a patient’s death.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
12 events from the most recent confirmed update back to the earliest known activity.
Essex trust confirms 2,380 diagnostic testing records affected
Mid and South Essex NHS Foundation Trust confirmed that about 2,380 specialist diagnostic testing records were affected by the 2024 Synnovis ransomware breach, with some compromised data still not tied to specific individuals.
King’s College Hospital links outage delays to a patient death
King’s College Hospital NHS Foundation Trust later confirmed that service delays caused by the Synnovis outage contributed to a patient’s death.
Bedfordshire trust says nearly 33,000 records were involved
Bedfordshire Hospitals NHS Foundation Trust earlier disclosed that nearly 33,000 patient records were involved in the Synnovis breach, showing the scale of downstream impact on NHS organizations.
Synnovis notifies affected organizations by November
Synnovis said it had notified affected organizations about the breach by November following its forensic review.
Synnovis completes forensic review of ransomware breach
Synnovis said it completed its forensic review of the Qilin-linked ransomware attack by the end of summer, concluding a key phase of incident analysis.
Stolen Synnovis patient data published online after extortion failed
After extortion attempts failed, stolen patient data from the Synnovis incident was published online, escalating the impact of the ransomware attack.
Synnovis ransomware attack disrupts NHS pathology services
A 2024 ransomware attack on Synnovis linked to the Qilin gang disrupted pathology services across south east London, causing canceled appointments and operations as well as delayed blood testing and transfusions.
Nottingham NHS trust apologizes to survivors excluded from inquiry
Nottingham University Hospitals NHS Trust apologized after a public inquiry found survivors of the Nottingham attacks were not properly considered when the trust began investigating the patient data breach.
Nottingham inquiry finds staff dismissed over record snooping
A public inquiry found that 11 Nottingham University Hospitals NHS Trust employees were dismissed and several others received written warnings for serious data protection violations involving victims’ records.
Nottingham NHS trust launches internal breach investigation
In 2025, Nottingham University Hospitals NHS Trust began an internal investigation that uncovered widespread unauthorized access by staff to sensitive patient information related to the Nottingham attacks.
Patients tested after June 3, 2024 excluded from Essex breach impact
Mid and South Essex NHS Foundation Trust said patients tested after June 3, 2024 were not affected by the Synnovis breach, establishing a cutoff for the impacted diagnostic testing records.
Nottingham attacks prompt later patient-records misuse case
The June 13, 2023 Nottingham attacks became the context for a later data breach case involving inappropriate access by Nottingham University Hospitals NHS Trust staff to victims’ medical records.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Qilin NHS breach tally grows as Essex trust confirms stolen records
theregister.com
Open sourceNottingham Attacks Survivors Left Out in Data Breach Inquiry as NHS Trust Apologizes - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Synnovis Ransomware Breach Exposed Data of 32,927 Bedfordshire NHS Patients
Bedfordshire Hospitals NHS Foundation Trust said data relating to **32,927 patients** was identified in material stolen during the **Synnovis ransomware attack**, confirming that the incident extended beyond service disruption into a significant patient data breach. The compromised information was linked to pathology-related files dating from **2011 to 2020** and may include personal details and diagnostic test results. The trust issued a public notification tied to the Synnovis cyber incident and began informing affected individuals after determining that their records were present in data later published on dark web sites. The organizations involved said notification was delayed because the stolen material was fragmented across unstructured administrative pathology files, requiring lengthy forensic analysis to attribute ownership and assess impact. Security experts said the case highlights the long-tail risk of third-party attacks in NHS supply chains, warning that even partial or disjointed healthcare records can be combined by threat actors for phishing, fraud, and other identity-related abuse.
Jun 15, 2026
Qilin ransomware attack on London hospitals disrupted care and was linked to a death
A ransomware attack attributed to the Russia-based **Qilin** gang severely disrupted pathology and clinical services at London hospitals, with officials and media reports identifying the incident as the cause of widespread delays to treatment and diagnostics. Reporting on the fallout said nearly **200 cancer operations** were postponed, alongside other surgeries and appointments, after systems supporting blood testing and related services were knocked offline. Qilin was identified in multiple reports as the group behind the intrusion, and it later published stolen **NHS** data online. The consequences later escalated beyond operational disruption when a patient's death was confirmed to have been linked to the attack, underscoring the life-threatening impact of ransomware on healthcare delivery. Former NHS National Services Scotland CISO Alastair Mitchelson said such an outcome was tragic but not surprising when systems used for diagnosis and treatment fail at scale. Qilin reportedly expressed regret for the harm while denying responsibility, and claimed the attack was a political protest tied to grievances against the UK government.
May 25, 2026
Extortion Attack on NHS Dumfries and Galloway Exposed Children’s Health Records
NHS Dumfries and Galloway disclosed a cyberattack that raised the risk of patient data exposure, and weeks later stolen records linked to the incident were published online as part of an extortion campaign. Reporting indicated that highly sensitive files involving children’s health information were among the leaked material, escalating the impact from service disruption to a serious confidentiality breach affecting vulnerable patients. The incident fits a broader pattern of ransomware and extortion operations targeting healthcare providers, where attackers disrupt clinical systems and use stolen data to pressure victims. Similar attacks previously hit New Zealand’s Waikato District Health Board, where a ransomware intrusion crippled hospital IT, forced lengthy restoration from backups across hundreds of servers and thousands of workstations, and underscored that healthcare organizations remain high-value targets because outages and data theft can directly affect patient care.
May 25, 2026