Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Guy's and St Thomas'​ NHS Foundation Trust

Guy's and St Thomas'​ NHS Foundation Trust Vendor Cyber Rating & Cyber Score

nhs.uk

One of the largest Trusts in the UK, Guy’s and St Thomas’ NHS Foundation Trust comprises five of the UK’s best known hospitals – Guy’s, St Thomas’, Evelina London Children’s Hospital, Royal Brompton and Harefield – as well as community services in Lambeth and Southwark, all with a long history of high quality care, clinical excellence, research and innovation. We work closely with a wide range of health and care partners to deliver the best care to our local population, and we play an active role in the integrated care systems (ICS) in south east and north west London. We have a long tradition of clinical and scientific achievement and – as part of King’s Health Partners – we are one of England’s eight academic health sciences centres


GSTNFT A.I CyberSecurity Scoring

GSTNFT
Company Information
Website:https://www.guysandstthomas.nhs.uk/
Employees number:11,299
Number of followers:127,351
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:nhs.uk
GSTNFT Risk Score (AI oriented)
Between 0 and 549
logo
GSTNFTHospitals and Health Care
Updated:
07/06/2026
448/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
GSTNFT Global Score (TPRM)
xxxx
logo
GSTNFTHospitals and Health Care
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

GSTNFT
GSTNFTCritical
Current Score
448C (CRITICAL)
01000
5 incidents
-33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
458Before Incident
JUNE 2026
447Before Incident
MAY 2026
439Before Incident
APRIL 2026
433Before Incident
MARCH 2026
425Before Incident
FEBRUARY 2026
412Before Incident
JANUARY 2026
407Before Incident
DECEMBER 2025
396Before Incident
NOVEMBER 2025
412Before Incident
Cyber Attack
12 Nov 2025GSTNFT
Guy’s and St Thomas’ NHS Foundation Trust and Synnovis: NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack

Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records

379After Incident
CRITICAL-33
SYNGUY1771180010
Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records In June 2024, UK pathology provider Synnovis a critical supplier of blood, urine, and specimen testing for NHS trusts and private healthcare organizations suffered a ransomware attack by the Qilin group, a Russian-linked cybercriminal operation. The attack, which occurred on June 3, encrypted Synnovis’ systems and exfiltrated data before locking files, causing widespread disruption to NHS services across London and beyond. ### Impact on Healthcare Services The attack paralyzed Synnovis’ IT infrastructure, forcing Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust two of the UK’s busiest hospital networks to cancel over 10,000 appointments, including 1,134 planned operations, 2,194 outpatient visits, 100+ cancer treatments, and 18 organ transplants in the first two weeks alone. Blood testing capacity plummeted to 10% of normal levels, leading to a nationwide shortage of O-negative blood as hospitals prioritized emergency cases. The disruption extended to GP surgeries, mental health services (South London and Maudsley NHS Trust), and private healthcare providers, with Synnovis estimating a full recovery would take months. By November 2024, the company had rebuilt 75+ applications, migrated core systems to the cloud, and restored 65+ scientific analyzers across seven locations. ### Data Breach & Ransom Demands Qilin exfiltrated 400GB of data before encrypting Synnovis’ systems, later leaking it on the dark web after the $50 million ransom deadline expired. The stolen data includes 300 million patient interactions, encompassing blood test results, HIV/STI diagnoses, cancer screenings, and personally identifiable information. While Synnovis confirmed no data was taken from its primary lab databases, the breach exposed records from both NHS and private healthcare patients, raising risks of extortion attempts against individuals with sensitive diagnoses. Synnovis refused to pay the ransom, citing ethical concerns and the risk of funding further attacks. The National Crime Agency (NCA), National Cyber Security Centre (NCSC), and Information Commissioner’s Office (ICO) were notified, with authorities considering retaliatory action against Qilin. ### Investigation & Recovery Challenges A 17-month forensic review revealed the attackers randomly stole data from working drives, complicating the identification of affected individuals. Synnovis developed custom systems to reconstruct the data, completing notifications to affected organizations by November 21, 2025. Under UK law, individual NHS trusts not Synnovis will determine whether patients must be notified, with any direct communications from Synnovis flagged as potential scams. The attack’s entry point remains unknown, though Qilin claimed to have exploited a zero-day vulnerability. Synnovis replaced all compromised IT infrastructure and stressed that the exfiltrated data was not in a readily usable format for malicious actors. ### Broader Context This incident follows a separate April 2024 attack on Synnovis by the BlackBasta ransomware group, which also leaked stolen data after a ransom went unpaid. The NHS has faced 215 ransomware attacks since 2019, with 2023 marking a record high in UK cyber incidents. The Synnovis breach underscores the vulnerability of critical healthcare infrastructure to financially motivated cyber threats, particularly those targeting third-party service providers.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: 400GB of data exfiltrated, including 300 million patient interactionsSystems Affected: IT infrastructure, 75+ applications, 65+ scientific analyzers across seven locationsDowntime: Months for full recoveryOperational Impact: Over 10,000 appointments canceled, including 1,134 planned operations, 2,194 outpatient visits, 100+ cancer treatments, and 18 organ transplants. Blood testing capacity reduced to 10% of normal levels.Brand Reputation Impact: Significant impact on NHS and private healthcare providersIdentity Theft Risk: High (exposure of personally identifiable information)
DATA BREACH
Blood test resultsHIV/STI diagnosesCancer screeningsPersonally identifiable informationNumber Of Records Exposed: 300 million patient interactionsSensitivity Of Data: High (medical and personally identifiable information)Data Exfiltration: Yes (400GB exfiltrated)Data Encryption: Yes (ransomware encryption)Personally Identifiable Information: Yes
OCTOBER 2025
408Before Incident
SEPTEMBER 2025
397Before Incident
AUGUST 2025
387Before Incident
JUNE 2024
391Before Incident
Ransomware
14 Jun 2024GSTNFT
Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and Synnovis: Hospitals cyber attack impacts 800 operations

London Hospitals Hit by Major Cyber Attack, Disrupting Critical Services

261After Incident
CRITICAL-130
SYNKINGUY1780792100
London Hospitals Hit by Major Cyber Attack, Disrupting Critical Services A ransomware attack on Synnovis, a pathology services provider, has severely disrupted operations at two major NHS trusts in London King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. The incident, declared a regional critical incident by NHS England London, has led to widespread delays in medical services, including blood tests, transplants, and surgeries. In the first week alone, over 800 planned operations and 700 outpatient appointments were rescheduled, while 18 organs were diverted to other trusts and five elective C-sections postponed. Blood tests at GP surgeries have been rerouted, with urgent cases prioritized and optional screenings for blood-borne viruses (HIV, Hepatitis B and C) temporarily suspended. To mitigate shortages, NHS Blood and Transplant is urging donors with O Positive and O Negative blood types to contribute, as these "universal" types can be used without prior testing. The attack has significantly reduced the number of tests that can be processed, though emergency and primary care services remain operational. NHS England London has committed to releasing weekly updates, with the next report due on 21 June. Investigations are ongoing to determine whether patient data was accessed, a common risk in ransomware incidents. Medical director Dr. Chris Streather warned that the disruption would persist "for some time", with staff working around the clock to restore services. Synnovis is actively working to recover its IT systems, while the National Cyber Security Centre (NCSC) has identified the attackers as Russian-linked criminal groups. The incident underscores the vulnerability of healthcare systems to cyber threats, with long-term impacts on patient care still unfolding.
INCIDENT DETAILS -
TYPE
Ransomware
IMPACT
Systems Affected: Pathology services, IT systemsOperational Impact: Delays in blood tests, transplants, surgeries, and outpatient appointments; diversion of organs; postponement of elective C-sectionsIdentity Theft Risk: Potential risk if patient data was accessed
DATA BREACH
Type Of Data Compromised: Potential patient dataSensitivity Of Data: High (medical records, personally identifiable information)Data Encryption: Yes (ransomware)Personally Identifiable Information: Potential
JUNE 2024
561Before Incident
Ransomware
05 Jun 2024GSTNFT
Synnovis, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust: 'Russian criminals' behind hospitals cyber attack

Russian Ransomware Attack Disrupts Major London Hospitals, Delaying Critical Care

389After Incident
CRITICAL-172
GUYSYN1780526611
Russian Ransomware Attack Disrupts Major London Hospitals, Delaying Critical Care A ransomware attack attributed to the Russian cybercriminal group Qilin has severely disrupted pathology services at multiple NHS hospitals in south-east London, leading to canceled surgeries, delayed blood tests, and diverted emergency patients. The incident, declared a critical incident on Tuesday, has impacted Guy’s and St Thomas’ NHS Foundation Trust (including the Royal Brompton and Evelina London Children’s Hospital), King’s College Hospital NHS Foundation Trust, and primary care providers in the region. The attack targeted Synnovis, a pathology services firm that processes 100,000 blood tests daily for around two million patients. Unlike typical ransomware incidents involving data theft, this attack disabled critical systems, forcing hospitals to prioritize only the most urgent cases. Ciaran Martin, former CEO of the National Cyber Security Centre (NCSC), confirmed the group’s financial motives, noting that Qilin had previously targeted entities like automotive companies, Australian courts, and the Big Issue UK. While the hackers threatened to publish data a common tactic Martin emphasized that the primary impact was operational disruption, not data exposure. Patients reported last-minute cancellations, including a man whose open-heart surgery was postponed just moments before the procedure. NHS London stated that urgent and emergency services remain operational, but non-critical appointments and blood transfusions have been affected. Staff are working to restore services, though the full extent of the disruption remains unclear. The attack highlights the growing threat of Russian-linked cybercrime, with Qilin operating freely from within Russia. The UK government maintains a no-ransom policy, complicating recovery efforts. Synnovis, which opened new laboratories in Southwark in April, has not provided further comment. The incident is among the most serious cyberattacks on UK healthcare in recent years.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial
IMPACT
Systems Affected: Pathology services, blood test processing, surgery schedulingOperational Impact: Canceled surgeries, delayed blood tests, diverted emergency patients, prioritization of urgent cases onlyBrand Reputation Impact: Severe
DATA BREACH
Data Exfiltration: Threatened but not confirmed as primary impactData Encryption: Disabled critical systems
JUNE 2024
690Before Incident
Ransomware
04 Jun 2024GSTNFT
Evelina London Children’s Hospital, Synnovis and Guy’s and St Thomas’ NHS Foundation Trust: Services disrupted as London hospitals hit by cyber-attack

London Hospitals Disrupted by Ransomware Attack on Blood Test Provider

388After Incident
CRITICAL-302
SYNGUY1774334258
London Hospitals Disrupted by Ransomware Attack on Blood Test Provider Seven major London hospitals, including Guy’s, St Thomas’, King’s College, and the Evelina children’s hospital, declared a “critical incident” after a ransomware attack crippled their pathology services. The attack, which began on Monday, targeted Synnovis, a private firm that processes blood tests for NHS trusts under a £1.1bn contract. The incident forced cancellations of elective surgeries, blood transfusions, and planned caesarean sections, with some procedures redirected to other hospitals under mutual aid protocols. While emergency care and outpatient services remained operational, staff reported severe disruptions, including a shift to paper-based communication after Synnovis’s IT systems were locked. Synnovis confirmed the attack had affected all its servers, though its labs remained partially functional. The company has engaged cybersecurity experts, including the National Cyber Security Centre (NCSC), and reported the breach to the Information Commissioner’s Office (ICO). The attackers identity unknown deployed ransomware to extort payment, a tactic increasingly paired with data theft and threats of publication if demands aren’t met. This is the third ransomware attack on Synnovis’s parent company, Synlab, in the past year. In June 2023, the Clop gang breached its French subsidiary, while April 2024 saw Black Basta steal and leak 1.5TB of data from its Italian operations. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services. The full recovery timeline remains unclear.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Extortion
IMPACT
Systems Affected: All Synnovis servers, pathology IT systemsOperational Impact: Cancellations of elective surgeries, blood transfusions, and planned caesarean sections; shift to paper-based communicationBrand Reputation Impact: High
DATA BREACH
Data Exfiltration: Possible (common in ransomware attacks)Data Encryption: Yes (ransomware)
JUNE 2024
783Before Incident
Ransomware
01 Jun 2024GSTNFT
King College Hospital

Fatal Cyberattack at King College Hospital

690After Incident
CRITICAL-93
KIN617062825
A fatal cyberattack at King College Hospital in London resulted in the death of a patient in June 2024. The attack, conducted by the Russian cybercriminal group Qilin, used ransomware to paralyze the hospital's servers, leading to delays in critical services such as blood analysis results. The attack caused the cancellation of over 10,000 medical appointments and affected the health of nearly 170 patients. This incident highlights the increasing dependence of hospitals on IT tools and the growing threat of cyberattacks on vulnerable healthcare infrastructure.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial Gain
IMPACT
Systems Affected: Pathology servicesOperational Impact: Over 10,000 medical appointments cancelled

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for GSTNFT ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in June 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in May 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in April 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in March 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in February 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in January 2026 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in December 2025 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in November 2025 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in October 2025 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in September 2025 ?
?
What was GSTNFT's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on GSTNFT's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with GSTNFT ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view GSTNFT's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?