Synnovis 2024: When a Pathology Provider Failure Put Patient Lives at Risk

What Failed

Pathology services are invisible until they are absent. Synnovis operated the diagnostics backbone for multiple NHS trusts including King's College Hospital and Guy's and St Thomas'. When Synnovis's systems went down on June 3, 2024, the impact was immediate and cascading:

• Almost all IT systems were affected simultaneously
• Processes had to revert from electronic to paper and manual protocols overnight
• Laboratory testing capacity collapsed
• Blood cross-matching services were disrupted, creating dangerous bottlenecks
• Surgical teams could not schedule procedures without diagnostic results
• Outpatient clinics could not operate without pathology input

This was not a IT outage. This was a clinical capability failure. Without pathology, the clinical system could not operate.

Why the Impact Spread

Pathology is clinical infrastructure, not administrative background. When diagnostics stop, everything stops:

The Duration Timeline

Synnovis demonstrates the long tail of healthcare disruption:

The Blood Supply Crisis

One of the most acute pressures in the Synnovis incident was blood supply management. This is worth examining separately because it illustrates how clinical infrastructure failures are not simple outages—they are capability collapses with direct patient consequences.

Synnovis operated critical blood cross-matching services for NHS trusts in South-East London. Cross-matching is the laboratory process that verifies a donor's blood is compatible with a recipient before transfusion. When Synnovis systems went down, cross-matching stopped. Physical blood inventory existed in blood banks, but it could not be safely transfused because compatibility could not be confirmed.

This created a paradox: Blood stock was present but unusable. O-negative blood—the universal donor type—became acutely scarce, not because supplies were exhausted, but because the laboratory capability to verify its safety had failed. Surgical teams could not operate. Trauma care became limited. Any patient requiring emergency transfusion faced delays while workarounds were improvised.

Manual cross-matching protocols do exist, but they are slow, high-touch, and require expertise under pressure. They are fallback measures, not operational solutions. That they had to be deployed at scale revealed how completely modern transfusion practice depends on laboratory IT.

What the Incident Exposed

Pathology is invisible clinical infrastructure. Boards prioritize hospital IT, ambulance services, and patient-facing systems. Pathology operates in the background until it fails. Many organizations do not have visibility into which external laboratory providers are critical to clinical operations.

Manual fallback is not the same as resilience. Synnovis and NHS partners did have manual workarounds available. Paper protocols, sister laboratories, and multi-trust coordination mechanisms existed. But manual mode does not restore capacity—it reduces it dramatically. Manual processes are slower, error-prone, and exhausting under sustained pressure. They preserve urgent care at the cost of overall throughput.

Specialty provider dependency creates single points of failure. Synnovis served multiple trusts across South-East London. When one provider failed, the entire region felt the impact. This is consolidation risk. Healthcare has concentrated specialized services into fewer, larger providers. That improves efficiency in normal operations. It creates catastrophic risk if those providers fail.

Data breach impact extends beyond immediate recovery. Qilin published 400GB of data, exposing 900,000+ patient records including sensitive test results (HIV, STI, cancer diagnoses). That impact will persist for years in the form of patient harm, clinical risk, regulatory investigation, and organizational liability.

Patient impact accumulates gradually under degraded operations. No single patient died "from" the attack on June 3rd. But at least one death has been linked as a contributing factor to the delays and degraded operations that followed. That is the long tail of operational failure—not catastrophe, but accumulation of small cascades into clinical harm.

The Resilience Lens

CrisisLoop's assessment is that healthcare organizations often do not rehearse what Synnovis revealed: sustained degraded operations under public and clinical pressure. Most exercises assume either:

• An outage of hours, restored quickly
• A dramatic emergency (patient death, system failure) requiring crisis response

Synnovis was neither. It was a months-long partial failure during which the organization had to:

• Operate with 30-50% of normal capacity
• Make continuous clinical prioritization decisions without perfect information
• Sustain staff engagement over weeks and months, not hours
• Communicate uncertainty to patients, clinicians, and regulators
• Manage the tension between operational pressure and patient safety
• Coordinate across organizational boundaries (trusts, external labs, blood services)
• Know when "mostly working" is good enough to scale up

Those are not incident response skills. They are sustained leadership skills under pressure. Most organizations do not practice them.

What Boards Should Be Asking

Which specialist providers would create patient-impacting disruption if they failed? This is a basic question most boards have not answered. Pathology, blood services, pharmacy distribution, radiology, laboratory information systems—any of these can become a chokepoint. The question is not whether failure is possible. It is whether you know which providers matter most.

How much diagnostic or clinical throughput would we really retain in manual mode? Not the optimistic answer. The real answer under pressure. If pathology fails, can we run oncology at 30% of normal volume? Can we manage emergency surgery? Can we do blood transfusions safely? Can we sustain that for weeks?

How long would it truly take us to restore normal operating rhythm? Not "return to baseline." Not "restore urgent services." Restore the ability to clear backlogs, resume scheduled procedures, and operate normally. Synnovis took months. What is your estimate? Have you asked your clinical teams?

Have we exercised months-long degraded operations, not just the first 48 hours of incident response? Most healthcare exercises are 4-hour tabletops or 2-day simulations. They test crisis response. They do not test leadership resilience or sustained degraded operations. Synnovis lasted weeks as active operational crisis, then months in recovery. Can your organization sustain that rhythm?

What is our plan to communicate when we do not have a recovery timeline? Synnovis went down June 3rd. It was not broadly normal until late 2024. For months, senior leadership did not have a confident answer to "when will this be fixed?" How does your organization manage that uncertainty externally?

Conclusion

The Synnovis ransomware attack demonstrated that healthcare disruption does not require system-wide failure to become operationally serious and clinically dangerous. A single specialty provider—pathology—was sufficient to delay over 10,000 outpatient appointments, cancel 1,700+ elective procedures, create critical blood shortages, and contribute to at least one patient death.

The attack exposed what should be obvious but often is not: pathology is not a background administrative function. It is clinical infrastructure. When it fails, surgery stops. Cancer care stops. Blood transfusion capability becomes manual and limited. Organizational operations degrade not for hours, but for months.

Resilience in healthcare depends not on protecting systems in isolation, but on rehearsing what happens when a critical dependency fails and the organization must operate under sustained clinical pressure in public view, without a clear recovery timeline, and without the option to simply "wait it out."

Synnovis is now in the CrisisLoop library of incident patterns worth rehearsing. The question for every healthcare board is simple: Have you exercised this scenario in your organization? Or are you assuming a resilience you have never pressure-tested?