Synnovis cyberattack update, 10 November 2025
In June 2024, Synnovis, an organisation that provides pathology services to a number of NHS organisations (including in south east London), was targeted by a criminal cyber-attack.
This incident is no longer causing disruption to patient appointments or services.
Following the attack, work has been undertaken to identify and understand the data that was stolen at the time. This work has now concluded.
Where an NHS organisation is informed that their data was stolen as part of the attack, they will need to assess the data to understand the risks that arise from it being stolen. For some organisations this will involve a significant amount of data and for others a smaller amount. This means the assessment of the data may take some time.
We understand people may be concerned about data being stolen. NHS England will continue to publish regular updates on their website about the incident, which will include links to local NHS websites where patients can find out more local information as it becomes available.
The NHS and Synnovis would never contact patients to ask for personal or financial information. Synnovis will not be contacting patients directly about this incident. If patients are notified, the notification will be from an NHS organisation.
Information is available on the NHS England website.