Data breach notices for Qilin hack provided by Synnovis

BleepingComputer reports that major UK pathology services provider Synnovis has begun informing healthcare providers of a data breach stemming from a Qilin ransomware attack in June 2024, with the incident notification process expected to end by Nov. 21.

Infiltration of Synnovis systems allowed the exfiltration of patients' names, birthdates, and National Health Service numbers, according to Synnovis, which noted that clinical knowledge was needed to interpret most of the pilfered information.

"The stolen data was unstructured, incomplete, and fragmented, requiring the use of highly specialised platforms and bespoke processes to piece it together factors which heavily influenced the duration of the investigation," said Synnovis.

Qilin's attack against Synnovis was earlier reported to have disrupted non-emergency pathology appointments, blood transfusions, and planned operations across London hospitals. Automotive firm Yangfeng, U.S. newspaper publisher Lee Enterprises, and more than 300 other organizations have already been compromised by the Qilin ransomware-as-a-service operation since August 2022.