Synnovis Ransomware Breach Exposed Data of 32,927 Bedfordshire NHS Patients
Bedfordshire Hospitals NHS Foundation Trust said data relating to 32,927 patients was identified in material stolen during the Synnovis ransomware attack, confirming that the incident extended beyond service disruption into a significant patient data breach. The compromised information was linked to pathology-related files dating from 2011 to 2020 and may include personal details and diagnostic test results. The trust issued a public notification tied to the Synnovis cyber incident and began informing affected individuals after determining that their records were present in data later published on dark web sites.
The organizations involved said notification was delayed because the stolen material was fragmented across unstructured administrative pathology files, requiring lengthy forensic analysis to attribute ownership and assess impact. Security experts said the case highlights the long-tail risk of third-party attacks in NHS supply chains, warning that even partial or disjointed healthcare records can be combined by threat actors for phishing, fraud, and other identity-related abuse.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Bedfordshire Hospitals notifies patients about Synnovis data breach
Bedfordshire Hospitals NHS Foundation Trust notified affected individuals that their data had been identified in material stolen during the Synnovis incident. The trust warned patients to watch for phishing, suspicious communications, and identity-related fraud.
Forensic analysis links stolen Synnovis data to Bedfordshire patients
After more than a year of specialist forensic analysis, Bedfordshire Hospitals NHS Foundation Trust determined that data linked to approximately 32,927 patients was present in the stolen material. The review was delayed because the information was fragmented across unstructured administrative pathology files.
Synnovis ransomware incident leads to theft of pathology data
During the June 2024 cyber incident affecting pathology services provider Synnovis, attackers stole data later published on dark web sites. The stolen material included pathology-related files connected to Bedfordshire Hospitals NHS Foundation Trust.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Healthcare Cyber Breach Raises Concerns After 33,000 Patients Affected - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceNotification - Synnovis Cyber Incident - Bedfordshire Hospitals NHS Trust
bedfordshirehospitals.nhs.uk
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Synnovis Ransomware Attack and Data Breach Notification to UK Healthcare Providers
Synnovis, a British pathology laboratory services firm, has begun notifying UK healthcare providers that patient data may have been compromised in a ransomware attack that occurred in June 2024. The attack disrupted laboratory services and caused blood shortages, significantly impacting patient care for several months. Following a complex forensic investigation, Synnovis determined that cybercriminals stole data in a hasty and disorganized manner from a working drive, resulting in fragmented and unstructured data exfiltration. The company stated that none of the stolen data originated from its primary laboratory database. Under UK data protection law, Synnovis is responsible for informing healthcare providers, who must then notify affected patients if necessary. The notification process follows more than a year of investigation to identify the scope and nature of the compromised data. Synnovis emphasized the challenges in analyzing the stolen data due to its random and untargeted extraction during the cyberattack.
Apr 19, 2026
NHS patient data breaches expose records and deepen harm to attack victims
Nottingham University Hospitals NHS Trust apologized after a public inquiry found survivors of the 2023 Nottingham attacks were not properly included when the trust investigated unauthorized access to their medical records. The inquiry said staff inappropriately viewed victims’ records without authorization, and a 2025 internal investigation uncovered broader misuse of sensitive patient information. The trust said its response initially focused too narrowly on bereaved families, while disciplinary action resulted in 11 employees being dismissed and several others receiving written warnings for serious data protection violations. Separately, the fallout from the 2024 Synnovis ransomware attack linked to the **Qilin** gang continues to widen across the NHS, with Mid and South Essex NHS Foundation Trust confirming about **2,380** specialist diagnostic testing records were affected after Bedfordshire Hospitals NHS Foundation Trust disclosed nearly **33,000** impacted records. The attack disrupted pathology services across south east London, causing canceled appointments, delayed operations, and blood testing and transfusion problems, while stolen patient data was later published online after extortion failed. NHS organizations are still identifying affected patients, and King’s College Hospital NHS Foundation Trust has said service delays caused by the outage contributed to a patient’s death.
Jun 9, 2026
Sandhills Medical Foundation Says Ransomware Breach Exposed 169,017 Patients
Sandhills Medical Foundation, a South Carolina healthcare provider, notified patients that a ransomware-related breach exposed the data of **169,017 people** after an unauthorized party accessed a server and stole files. The organization said it discovered the incident on **May 8, 2025** after system disruptions initially linked to a vendor-related technical issue, and a subsequent forensic investigation determined that data had been exfiltrated from systems affecting select patients. The compromised information reportedly included sensitive **personal, financial, and health data**, raising risks of identity theft and medical privacy exposure. The ransomware group **Inc** later claimed responsibility and added Sandhills to its leak site on **May 30, 2025**, though Sandhills did not publicly confirm the gang's involvement and said it **did not pay a ransom**; reporting also noted the case as one of the larger healthcare breaches attributed to the group.
May 25, 2026