NHS patients hit by a cyber attack could wait up to six months for a blood test
Patients who have been refused a blood test due to a Russian cyber attack on the NHS may have to wait up to six months before their blood sample is taken, the Guardian has learned.
The delays are so long that some patients have decided to pay to have their blood taken and analyzed by a private clinic, rather than remain on the NHS waiting list.
Hospitals in south-east London affected by the hacker gang’s seizure of 300 million NHS records have written to patients, warning them that they cannot now take a blood test.
One patient was told by letter: “Unfortunately, it appears it may be three to six months before blood can be drawn again. You will be placed on a waiting list and our secretaries will contact you when blood samples can be taken again.
“If you have not heard anything in the next four months, please feel free to contact us using the details above. I would like to apologize for this inconvenience and understand it will be frustrating.”
The patient, who wished to remain anonymous, said: “I have little choice but to go privately to undergo the tests and necessary treatment. The costs will be significant. While I can afford this, most people cannot.”
Nine acute or specialist NHS hospitals and providers of mental health, community health and GP services in part of south-east London serving 2 million people have had to severely ration their blood tests since the ransomware attack by the Russia-based Qilin gang on 3 September started. June.
The limited capacity means that only blood tests that are deemed ‘urgent’ by a committee of doctors and managers will continue at short notice.
What the NHS has called “significant disruption” caused by the attack also forced the King’s College Hospital (KCH) and the Guy’s and St Thomas’ (GSTT) health trusts to Canceling 1,134 planned surgeries and 2,194 outpatient appointments in the first 13 days. These include 184 cancer procedures and 64 organ transplants.
Qilin launched its attack on Synnovis, a provider of pathology services – such as blood tests and transfusions – jointly owned by KCH and GSTT and the private company Synlab. As a result, affected hospitals and GP practices can only carry out around 30% of their normal number of blood tests.
The Guardian reported on Friday that the British government is considering calling in the National Crime Agency (NCA) to hit back against Qilin after some of the stolen data was posted online. Qilin had reportedly demanded a ransom of US$50 million.
In February, the NCA deployed a specialized team to take action against LockBit, another gang of Russian hackers. Outfits such as Qilin and LockBit typically infiltrate an organization’s IT system and prevent them from using it unless they pay a ransom to regain access.
NHS England’s London region, which is coordinating the agency’s response to the hack, declined to comment on patients having to wait six months for their blood test to be rescheduled.
However, at one question and answer explanation on Friday it acknowledged that the hack would continue to cause major problems for Synnovis and the NHS in the coming months. Synnovis had “plans ready to restore a number of functionalities in its IT system in the coming weeks,” the company said. The cyber attack effectively locked the company out of its own IT system.
“The full technical recovery will take some time, and the need to rebook tests and appointments will mean that some disruption from the cyber incident will be felt in the coming months,” the report said.
The NHS has one helpline to answer patient questions.