GSTNFT A.I CyberSecurity Scoring
GSTNFT
Company Information
Website:https://www.guysandstthomas.nhs.uk/
Employees number:11,299
Number of followers:127,351
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:nhs.uk
GSTNFT Risk Score (AI oriented)
Between 0 and 549
GSTNFTHospitals and Health Care
Updated:
07/06/2026
07/06/2026
448/1000
Critical
C
GSTNFT Global Score (TPRM)
xxxx
GSTNFTHospitals and Health Care
Score locked

GSTNFTCritical
Current Score
448C (CRITICAL)
01000
5 incidents
-33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
458
JUNE 2026
447
MAY 2026
439
APRIL 2026
433
MARCH 2026
425
FEBRUARY 2026
412
JANUARY 2026
407
DECEMBER 2025
396
NOVEMBER 2025
412
Cyber Attack
12 Nov 2025 • GSTNFT
Guy’s and St Thomas’ NHS Foundation Trust and Synnovis: NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack
Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records
379
CRITICAL-33
SYNGUY1771180010
Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records
In June 2024, UK pathology provider Synnovis a critical supplier of blood, urine, and specimen testing for NHS trusts and private healthcare organizations suffered a ransomware attack by the Qilin group, a Russian-linked cybercriminal operation. The attack, which occurred on June 3, encrypted Synnovis’ systems and exfiltrated data before locking files, causing widespread disruption to NHS services across London and beyond.
### Impact on Healthcare Services
The attack paralyzed Synnovis’ IT infrastructure, forcing Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust two of the UK’s busiest hospital networks to cancel over 10,000 appointments, including 1,134 planned operations, 2,194 outpatient visits, 100+ cancer treatments, and 18 organ transplants in the first two weeks alone. Blood testing capacity plummeted to 10% of normal levels, leading to a nationwide shortage of O-negative blood as hospitals prioritized emergency cases.
The disruption extended to GP surgeries, mental health services (South London and Maudsley NHS Trust), and private healthcare providers, with Synnovis estimating a full recovery would take months. By November 2024, the company had rebuilt 75+ applications, migrated core systems to the cloud, and restored 65+ scientific analyzers across seven locations.
### Data Breach & Ransom Demands
Qilin exfiltrated 400GB of data before encrypting Synnovis’ systems, later leaking it on the dark web after the $50 million ransom deadline expired. The stolen data includes 300 million patient interactions, encompassing blood test results, HIV/STI diagnoses, cancer screenings, and personally identifiable information. While Synnovis confirmed no data was taken from its primary lab databases, the breach exposed records from both NHS and private healthcare patients, raising risks of extortion attempts against individuals with sensitive diagnoses.
Synnovis refused to pay the ransom, citing ethical concerns and the risk of funding further attacks. The National Crime Agency (NCA), National Cyber Security Centre (NCSC), and Information Commissioner’s Office (ICO) were notified, with authorities considering retaliatory action against Qilin.
### Investigation & Recovery Challenges
A 17-month forensic review revealed the attackers randomly stole data from working drives, complicating the identification of affected individuals. Synnovis developed custom systems to reconstruct the data, completing notifications to affected organizations by November 21, 2025. Under UK law, individual NHS trusts not Synnovis will determine whether patients must be notified, with any direct communications from Synnovis flagged as potential scams.
The attack’s entry point remains unknown, though Qilin claimed to have exploited a zero-day vulnerability. Synnovis replaced all compromised IT infrastructure and stressed that the exfiltrated data was not in a readily usable format for malicious actors.
### Broader Context
This incident follows a separate April 2024 attack on Synnovis by the BlackBasta ransomware group, which also leaked stolen data after a ransom went unpaid. The NHS has faced 215 ransomware attacks since 2019, with 2023 marking a record high in UK cyber incidents. The Synnovis breach underscores the vulnerability of critical healthcare infrastructure to financially motivated cyber threats, particularly those targeting third-party service providers.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
408
SEPTEMBER 2025
397
AUGUST 2025
387
JUNE 2024
391
Ransomware
14 Jun 2024 • GSTNFT
Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and Synnovis: Hospitals cyber attack impacts 800 operations
London Hospitals Hit by Major Cyber Attack, Disrupting Critical Services
261
CRITICAL-130
SYNKINGUY1780792100
London Hospitals Hit by Major Cyber Attack, Disrupting Critical Services
A ransomware attack on Synnovis, a pathology services provider, has severely disrupted operations at two major NHS trusts in London King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. The incident, declared a regional critical incident by NHS England London, has led to widespread delays in medical services, including blood tests, transplants, and surgeries.
In the first week alone, over 800 planned operations and 700 outpatient appointments were rescheduled, while 18 organs were diverted to other trusts and five elective C-sections postponed. Blood tests at GP surgeries have been rerouted, with urgent cases prioritized and optional screenings for blood-borne viruses (HIV, Hepatitis B and C) temporarily suspended. To mitigate shortages, NHS Blood and Transplant is urging donors with O Positive and O Negative blood types to contribute, as these "universal" types can be used without prior testing.
The attack has significantly reduced the number of tests that can be processed, though emergency and primary care services remain operational. NHS England London has committed to releasing weekly updates, with the next report due on 21 June. Investigations are ongoing to determine whether patient data was accessed, a common risk in ransomware incidents.
Medical director Dr. Chris Streather warned that the disruption would persist "for some time", with staff working around the clock to restore services. Synnovis is actively working to recover its IT systems, while the National Cyber Security Centre (NCSC) has identified the attackers as Russian-linked criminal groups.
The incident underscores the vulnerability of healthcare systems to cyber threats, with long-term impacts on patient care still unfolding.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
561
Ransomware
05 Jun 2024 • GSTNFT
Synnovis, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust: 'Russian criminals' behind hospitals cyber attack
Russian Ransomware Attack Disrupts Major London Hospitals, Delaying Critical Care
389
CRITICAL-172
GUYSYN1780526611
Russian Ransomware Attack Disrupts Major London Hospitals, Delaying Critical Care
A ransomware attack attributed to the Russian cybercriminal group Qilin has severely disrupted pathology services at multiple NHS hospitals in south-east London, leading to canceled surgeries, delayed blood tests, and diverted emergency patients. The incident, declared a critical incident on Tuesday, has impacted Guy’s and St Thomas’ NHS Foundation Trust (including the Royal Brompton and Evelina London Children’s Hospital), King’s College Hospital NHS Foundation Trust, and primary care providers in the region.
The attack targeted Synnovis, a pathology services firm that processes 100,000 blood tests daily for around two million patients. Unlike typical ransomware incidents involving data theft, this attack disabled critical systems, forcing hospitals to prioritize only the most urgent cases. Ciaran Martin, former CEO of the National Cyber Security Centre (NCSC), confirmed the group’s financial motives, noting that Qilin had previously targeted entities like automotive companies, Australian courts, and the Big Issue UK. While the hackers threatened to publish data a common tactic Martin emphasized that the primary impact was operational disruption, not data exposure.
Patients reported last-minute cancellations, including a man whose open-heart surgery was postponed just moments before the procedure. NHS London stated that urgent and emergency services remain operational, but non-critical appointments and blood transfusions have been affected. Staff are working to restore services, though the full extent of the disruption remains unclear.
The attack highlights the growing threat of Russian-linked cybercrime, with Qilin operating freely from within Russia. The UK government maintains a no-ransom policy, complicating recovery efforts. Synnovis, which opened new laboratories in Southwark in April, has not provided further comment. The incident is among the most serious cyberattacks on UK healthcare in recent years.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
690
Ransomware
04 Jun 2024 • GSTNFT
Evelina London Children’s Hospital, Synnovis and Guy’s and St Thomas’ NHS Foundation Trust: Services disrupted as London hospitals hit by cyber-attack
London Hospitals Disrupted by Ransomware Attack on Blood Test Provider
388
CRITICAL-302
SYNGUY1774334258
London Hospitals Disrupted by Ransomware Attack on Blood Test Provider
Seven major London hospitals, including Guy’s, St Thomas’, King’s College, and the Evelina children’s hospital, declared a “critical incident” after a ransomware attack crippled their pathology services. The attack, which began on Monday, targeted Synnovis, a private firm that processes blood tests for NHS trusts under a £1.1bn contract.
The incident forced cancellations of elective surgeries, blood transfusions, and planned caesarean sections, with some procedures redirected to other hospitals under mutual aid protocols. While emergency care and outpatient services remained operational, staff reported severe disruptions, including a shift to paper-based communication after Synnovis’s IT systems were locked.
Synnovis confirmed the attack had affected all its servers, though its labs remained partially functional. The company has engaged cybersecurity experts, including the National Cyber Security Centre (NCSC), and reported the breach to the Information Commissioner’s Office (ICO). The attackers identity unknown deployed ransomware to extort payment, a tactic increasingly paired with data theft and threats of publication if demands aren’t met.
This is the third ransomware attack on Synnovis’s parent company, Synlab, in the past year. In June 2023, the Clop gang breached its French subsidiary, while April 2024 saw Black Basta steal and leak 1.5TB of data from its Italian operations. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services. The full recovery timeline remains unclear.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
783
Ransomware
01 Jun 2024 • GSTNFT
King College Hospital
Fatal Cyberattack at King College Hospital
690
CRITICAL-93
KIN617062825
A fatal cyberattack at King College Hospital in London resulted in the death of a patient in June 2024. The attack, conducted by the Russian cybercriminal group Qilin, used ransomware to paralyze the hospital's servers, leading to delays in critical services such as blood analysis results. The attack caused the cancellation of over 10,000 medical appointments and affected the health of nearly 170 patients. This incident highlights the increasing dependence of hospitals on IT tools and the growing threat of cyberattacks on vulnerable healthcare infrastructure.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for GSTNFT ??
What was GSTNFT's A.I Rankiteo Cyber Score in June 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in May 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in April 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in March 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in February 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in January 2026 ??
What was GSTNFT's A.I Rankiteo Cyber Score in December 2025 ??
What was GSTNFT's A.I Rankiteo Cyber Score in November 2025 ??
What was GSTNFT's A.I Rankiteo Cyber Score in October 2025 ??
What was GSTNFT's A.I Rankiteo Cyber Score in September 2025 ??
What was GSTNFT's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on GSTNFT's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with GSTNFT ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view GSTNFT's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?