Synnovis cyber attack (affecting NHS hospitals)

This is nasty. It’s “just” blood results but would be a painful test of protocols even at the best of times (which it clearly is not).

London NHS hospitals revert to paper records after cyber-attack | NHS | The Guardian

Interesting how long it’s taken to be made public/for the media to report.

Headline on the BBC Monday or Tuesday iirc

This was Monday, it was a handful of hospitals who use a private pathology company. The NHS was not hacked just a small external provider, those affected started their back up protocol. Was on the radio on Monday when I heard it

https://www.bbc.co.uk/news/articles/c288n8rkpvno

interesting how long it’s taken you to hear about it.

I guess the Telegraph was down…

We are too reliant on computers.

We are too reliant on computers.

Doing bloods without them is a very slow process.

We are too reliant on computers.

Too late for that, AI and robotics are already being trialled in the NHS. We’ll have destroyed Skynet’s defence grid by 2029 though, I saw a film about it 🙂

It’s “just” blood results

If you shut down pathology, you effectively shut down the hospital. It’s something like 70+ percent of all treatment pathways rely on pathology results. And you report a transfusion result wrong and the patient could be dead in 10 minutes.

And because you’ve got one private company looking after the pathology for several sites, it suddenly affects multiple hospitals.

The privatisation and centralisation of pathology is creeping in around the country in the name of progress and efficiency. It will most likely be an expensive mistake.

 it was a handful of hospitals who use a private pathology company. The NHS was not hacked just a small external provider, those affected started their back up protocol.

Not trying to contradict you, Drac, but it’s a bit more serious than that. It’s a couple of the biggest Hospital Trusts in London who work in partnership with a private provider for their Pathology services, both internal and external – Synnovis sure as heck not ‘a small external provider’ in the grand scheme of things. As well as hospital path lab services, they also hosts a large percentage of the Primary Care (GP Practice) blood testing for London. While it’s not ‘The NHS’ being hacked, it’s provider equipment that very likely sits on internal connections within some of the hospitals themselves.

From Synnovis’ own website:
“Synnovis is a partnership between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust. 
A state-of-the-art ‘hub’ laboratory has been opened as part of this transformation at Friars Bridge Court, in Blackfriars Road, London, bringing cutting-edge instrumentation, technology and innovation together under one roof. On-site hospital laboratories (the ‘spokes’) will be developed to provide essential services, focusing on the rapid turnaround of urgent tests, such as those needed for A&E departments.”

And the ‘back up protocols’ involve all test results being printed out on paper, portered or couriered to the correct location, then manually typed/coded back into the patient record. That’s a massive loss of efficiency.

We had a similar scenario in Leeds a few years back, not a cyberattack but a massive failure of the servers that the local Hospitals Trust use for the electronic transmission of blood test results – called TelePath, ironically. While they could outsource the testing to other local hospital labs, due to the way the systems are set up it was the same end result as this cyber attack: no electronic transmission of results, revert to paper. 

The immediate effect was people having to be recalled because the stuck/missing results between the server failure and the ‘revert to paper’ decision being made were lost entirely and the blood samples were no longer viable.
The secondary effect was a significant delay in the paper results making it back to people’s GP records. That’s fine if it’s a less urgent test like a routine cholesterol screen, but a bit more important when it’s, say, bloods monitoring for a patient on antipsychotics.
The tertiary effect was mounting pile of paper results that GP Practices didn’t have the capacity to code back to records because they’re slammed, under-staffed and under-funded, plus the absence of some of the analytical markers (ie, the ‘This result is/isn’t within normal ranges” flags) meaning GPs had to employ extra staff just to code results back into the records, with all the additional possibility of human error meaning a result was mistyped.

In terms of numbers and time, Leeds is a decent size city: it’s not London, obviously, but it’s pretty big. Our GP Practices put close to 10,000 blood tests per day through the hospital lab, on top of whatever volumes the Hospital is testing for itself. It took 3 months to get TelePath back up and running, and six months to a year to clear the backlog of paper results at GP Practices. There was talk of the Practices collectively suing the Hospitals for the cost of the extra staff they’d had to employ to code the results. And when the (5-year) project began to get TelePath replaced, the hospitals had the cheek to ask whether electronic transmission of results was a priority in the new system…

So yeah. While Synnovis and the trusts can recover from this, the longer they’re stuck on paper the more impact this is going to have on the local system.

And the ‘back up protocols’ involve all test results being printed out…etc

Yes, which is why it piqued my interest. I work for a health service a bit bigger than NHS Wales. We have an integrated electronic medical record which includes pathology (a separate but also government entity).

There are occasionally times when the system goes down and paper rules which must be a nightmare.

I know we’ve been hacked on at least one occasion.

Simple supply chain stuff. What is the impact of a supplier failure (IT, financial, logistics) on your business.

If it’s true that ‘something like 70+ percent of all treatment pathways rely on pathology results’ then the answer is ‘massive’.

Where the impact is massive, it’s essential to diversify or put additional demands on the resilience of the supplier to ensure their resilience.

But who wants to spend money on boring stuff like resilience (until you wish you had…)

AI and robotics

We are a long way off AI in robots for medical use being viable. Robots are very much in use for surgery though, but there’s no AI in them.

And pharmacy

@pyro yup it’s a big those areas effected but not the full nhs thankfully.

@Drac – Yep, one of the small benefits of ‘The NHS’ being made up of lots of smaller organisations that fight with each other all the time. Nothing’s joined-up enough for a cyber attack to take out the whole shebang!! 😀

We are a long way off AI in robots for medical use being viable. Robots are very much in use for surgery though, but there’s no AI in them.

I think those are 2 separate points. There are lots of robots in use already. And there are cases of AI being used e.g. for waiting list management or to identify patients likely to not turn up to appointments, or for reviewing chest xrays: https://www.esneft.nhs.uk/research-study-uses-ai-to-read-chest-x-rays-and-help-diagnose-lung-cancer-faster/

But an AI robot operating on a patient would be something completely different.