Blood on the Hands of Hackers: Patient Dies Due to Cyberattack
Qilin disrupted treatment in London and claimed a life.
The United Kingdom has confirmed its first patient death linked to a cyberattack on the NHS healthcare system. The incident occurred in June last year and severely disrupted hospital operations in southeast London. Over a thousand surgeries were postponed, 2,000 outpatient appointments were canceled, and more than 1,000 cancer treatment courses were delayed.
Now, King's College Hospital has officially stated that one of the deaths occurred amid these disruptions. A hospital representative reported that the patient died suddenly during the incident, and an investigation revealed several contributing factors. Among them was a delay in blood test results, caused by failures in the laboratory systems managed by Synnovis, the IT company targeted in the attack.
The family of the deceased was informed of the internal investigation's findings. The incident was the result of a large-scale ransomware attack allegedly carried out by the Russian group Qilin. The cyberattack affected Guy’s and St Thomas’, King’s College, Lewisham and Greenwich hospitals, as well as primary care and psychiatric facilities across six London boroughs.
This tragic case is not isolated. Previously in the United States, the death of a child was linked to a ransomware attack on a hospital in Alabama. Research shows that medical devices in hospitals remain highly vulnerable to cyberattacks, and over half of healthcare professionals have observed increased mortality as a result of cyber incidents.
Attacks on healthcare systems are becoming more frequent and devastating. Examples include a massive cyberattack in the Canadian province of Newfoundland that led to the cancellation of thousands of medical appointments, and FBI warnings that 53% of medical equipment contains critical vulnerabilities giving cybercriminals full control over patients’ lives.
Experts point to the growing threat from ransomware, which has evolved from simply demanding payment to decrypt data into double extortion schemes, threatening to publish stolen information. The NHS case highlights the critical importance of protecting medical systems, where it's not just data at stake — but human lives.
