
Synnovis (formerly Viapath) is a partnership between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust, performing more than 32 million pathology tests a year across a network of routine and specialist laboratories. Serving a population of 1.7 million in south east London, we bring together the very best in clinical, scientific and operational expertise to provide a pathology service which aims to create better outcomes for patients and make a positive difference to people’s health and wellbeing. We work collaboratively with the NHS, SYNLAB, clinical users and other stakeholders – every sample we process represents an individual patient in our joint care, and we understand the important role we play in continually developing services to meet that important responsibility.

Viapath A.I CyberSecurity Scoring

Viapath

Company Details

Linkedin ID:

viapath-llp

Employees number:

272

Number of followers:

7,271

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

synnovis.co.uk

IP Addresses:

0

Company ID:

VIA_2108556

Scan Status:

In-progress

Viapath Risk Score (AI oriented)

Between 0 and 549


Viapath Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 1

Synnovis
Ransomware
Severity: 100
Impact: 7
Seen: 6/2025
Rankiteo Explanation
Attack that could injure or kill people

Description: A ransomware attack on Synnovis, a pathology services provider for several NHS hospitals in London, led to widespread disruption of diagnostic services and the death of a patient. The attack, carried out by Qilin, a Russian cybercriminal group, delayed blood test results and caused significant harm to patient care. Over 10,000 appointments were disrupted, 1,710 operations postponed, and 1,100 cancer treatments delayed. The attack was linked to nearly 600 patient safety incidents, including two cases of severe harm.

Synnovis
Ransomware
Severity: 100
Impact: 5
Seen: 6/2024
Rankiteo Explanation
Attack threatening the organization's existence

Description: In 2024, **Synnovis**, a UK-based healthcare pathology service provider, fell victim to a **Qilin ransomware attack**, severely disrupting NHS blood transfusion and diagnostic services across London. The breach exploited unpatched VPN vulnerabilities and lack of MFA, leading to **data theft and system encryption**. Patient test results, blood matching, and critical lab operations were delayed or halted, forcing hospitals to declare **major incidents** and divert emergency cases. The attack exposed sensitive medical records, including those of **Ballarat personalities, doctors, and police officers**, while crippling core healthcare infrastructure. Qilin affiliates threatened to leak stolen data on dark-web platforms if ransom demands were unmet. The incident not only endangered patient lives by delaying surgeries and treatments (e.g., cancer care) but also **threatened the organization’s operational existence**, with prolonged outages and reputational damage. The collaboration between Qilin and groups like Scattered Spider further complicated attribution and recovery, underscoring the escalating sophistication of RaaS-driven cybercrime in critical sectors.

Synnovis
Ransomware
Severity: 100
Impact: 5
Seen: 6/2024
Rankiteo Explanation
Attack threatening the organization's existence

Description: Synnovis, a pathology supplier for the NHS, suffered a **ransomware attack on 4 June 2024**, leading to the theft and online publication of **patient and staff data**—including **names, NHS numbers, test results, and administrative records**. The attack caused **widespread NHS service disruptions**, including **thousands of delayed appointments** at **King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust**, **blood testing delays in primary care**, and **a confirmed patient death**. The stolen data was **unstructured, fragmented, and incomplete**, complicating investigations. Over a year later (by **November 2025**), Synnovis began notifying affected NHS providers (hospitals, GP practices, clinics) to assess exposure risks. The breach exposed **sensitive health data**, threatening **patient confidentiality, trust in NHS services, and operational continuity**, while also triggering calls for a **public inquiry into NHS cybersecurity and patient safety** due to the attack’s severity and systemic impact.


Underwriter Stats for Viapath

Incidents vs Hospitals and Health Care Industry Average (This Year)

Viapath has 31.58% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Viapath has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types Viapath vs Hospitals and Health Care Industry Avg (This Year)

Viapath reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Viapath (X = Date, Y = Severity)

Viapath cyber incidents detection timeline including parent company and subsidiaries


Viapath Similar Companies

Jefferson Health

Thomas Jefferson University and Thomas Jefferson University Hospitals are partners in providing excellent clinical and compassionate care for our patients in the Philadelphia region, educating the health professionals of tomorrow in a variety of disciplines and discovering new knowledge that will de

Centene Corporation

Centene Corporation is a leading healthcare enterprise committed to helping people live healthier lives. Centene offers affordable and high-quality products to more than 1 in 15 individuals across the nation, including Medicaid and Medicare members (including Medicare Prescription Drug Plans) as wel

Kindred’s mission is to help our patients reach their highest potential for health and healing with intensive medical and rehabilitative care through a compassionate patient experience. Kindred’s 61 long-term acute care hospitals (LTACHs), along with 18 community-based, short-term acute care hospit

Community Health Systems

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems across 14 states, CHS is committed to helping people get well and live healthier. CHS affiliates operate 70 acute-care hospitals and more than 1,000 other sites of care,

The NHS was launched in 1948. It was born out of a long-held ideal that good healthcare should be available to all, regardless of wealth – one of the NHS's core principles. With the exception of some charges, such as prescriptions, optical services and dental services, the NHS in England remains

Fresenius Medical Care

Fresenius Medical Care is the world’s leading provider of products and services for individuals with renal diseases. We aim to create a future worth living for chronically and critically ill patients – worldwide and every day. Thanks to our decades of experience in dialysis, our innovative research

Michigan Medicine

Michigan Medicine, based in Ann Arbor, Michigan, is part of one of the world’s leading universities. Michigan Medicine is a premier, highly ranked academic medical center and award-winning health care system with state-of-the-art facilities. Our vision is to create the future of health care throu

Yeditepe University Hospital

Yeditepe University was founded by the ISTEK Foundation in 1996. 1. Yeditepe University Dental Clinic, 1996. 2. Yeditepe University Kozyatağı Hospital, 2005. 3. Yeditepe University Bağdat Caddesi Polyclinic, 2006. 4. Yeditepe University Eye Center, 2007. 5. Center for Genetic

SSM Health

SSM Health is a Catholic, not-for-profit, fully integrated health system dedicated to advancing innovative, sustainable, and compassionate care for patients and communities throughout the Midwest and beyond. The organization’s 40,000 team members and 13,900 providers are committed to fulfilling SSM


Viapath CyberSecurity News

June 22, 2025 07:00 AM
Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal

Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software.

June 18, 2025 07:00 AM
New Nday Vulnerability in Zyxel NWA50AX Pro Allows Arbitrary File Deletion

The auth_zyxel.conf file revealed 28 whitelisted endpoints, including /cgi-bin/file_upload-cgi, which attackers can access without valid...

April 08, 2025 07:00 AM
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that,...

August 17, 2021 07:00 AM
Taliban Take Kabul Via Path Paved by Corruption

Ghani reportedly fled Afghanistan with bags of cash; Dostum's palace was rococo dictator chic. Corruption lies at the heart of Kabul's fall.

November 27, 2018 01:00 PM
What is path traversal, and how to prevent it? | Web Security Academy

Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Viapath CyberSecurity History Information

Official Website of Viapath

The official website of Viapath is https://www.synnovis.co.uk/.

Viapath’s AI-Generated Cybersecurity Score

According to Rankiteo, Viapath’s AI-generated cybersecurity score is 458, reflecting their Critical security posture.

How many security badges does Viapath have ?

According to Rankiteo, Viapath currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Viapath have SOC 2 Type 1 certification ?

According to Rankiteo, Viapath is not certified under SOC 2 Type 1.

Does Viapath have SOC 2 Type 2 certification ?

According to Rankiteo, Viapath does not hold a SOC 2 Type 2 certification.

Does Viapath comply with GDPR ?

According to Rankiteo, Viapath is not listed as GDPR compliant.

Does Viapath have PCI DSS certification ?

According to Rankiteo, Viapath does not currently maintain PCI DSS compliance.

Does Viapath comply with HIPAA ?

According to Rankiteo, Viapath is not compliant with HIPAA regulations.

Does Viapath have ISO 27001 certification ?

According to Rankiteo, Viapath is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Viapath

Viapath operates primarily in the Hospitals and Health Care industry.

Number of Employees at Viapath

Viapath employs approximately 272 people worldwide.

Subsidiaries Owned by Viapath

Viapath presently has no subsidiaries across any sectors.

Viapath’s LinkedIn Followers

Viapath’s official LinkedIn profile has approximately 7,271 followers.

NAICS Classification of Viapath

Viapath is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.

Viapath’s Presence on Crunchbase

No, Viapath does not have a profile on Crunchbase.

Viapath’s Presence on LinkedIn

Yes, Viapath maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/viapath-llp.

Cybersecurity Incidents Involving Viapath

As of December 04, 2025, Rankiteo reports that Viapath has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Viapath has an estimated 30,379 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Viapath ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.

How does Viapath detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from cybersecurity experts; remediation measures (investigation into stolen data; notification of affected organizations; regularly patching and updating VPNs and remote access devices; applying MFA to all accounts; limiting or removing exposed management interfaces; segmenting networks to isolate critical systems; monitoring proactively for lateral movement or signs of intrusion); recovery measures (dedicated support for affected NHS providers; a website with updates for stakeholders); and a communication strategy (direct notifications to NHS organizations; public statements; patient notifications via letters/website).

Incident Details

Can you provide details on each incident ?

Incident : Ransomware

Title: Ransomware Attack on Synnovis

Description: A ransomware attack on Synnovis, a pathology services provider for several NHS hospitals in London, caused widespread disruption to diagnostic services, delaying blood test results and leading to significant harm to patient care, including a patient's death.

Date Detected: 2024-06-03

Type: Ransomware

Threat Actor: Qilin

Incident : ransomware

Title: Synnovis Ransomware Attack and Data Breach (2024)

Description: A ransomware attack on Synnovis, a pathology supplier for NHS providers, led to widespread disruption of NHS services in London, including delayed appointments and blood testing. Stolen data, including patient and staff personal information, was later published online by cybercriminals. The attack also resulted in at least one patient death. Synnovis completed its investigation over a year later, revealing the stolen data was unstructured, fragmented, and included names, NHS numbers, test results, and administrative records. Affected NHS organizations are now reviewing the data to assess impact and notify individuals as needed.

Date Detected: 2024-06-04

Date Publicly Disclosed: 2024-06-20

Type: ransomware

Motivation: financial gain, data theft

Incident : ransomware

Title: Rise in Qilin Ransomware Incidents Targeting SMBs in Construction, Healthcare, and Financial Sectors

Description: Cybersecurity researchers at S-RM have observed a rise in ransomware incidents linked to the Qilin ransomware group, a long-running ransomware-as-a-service (RaaS) operation. The group exploits unpatched VPN appliances, lack of multi-factor authentication (MFA), and exposed management interfaces to gain initial access. While high-profile breaches like the 2024 Synnovis attack on UK healthcare systems have drawn attention, most victims are small-to-medium-sized businesses (SMBs) in construction, healthcare, and financial sectors. Qilin operates as a RaaS since 2023, with affiliates (including Scattered Spider) deploying its tools. In 2025, 88% of Qilin cases involved both data theft and file encryption, with victim data published on dark-web leak sites if ransoms were unpaid. The group has also expanded extortion channels to include Telegram and platforms like WikiLeaksV2.

Date Publicly Disclosed: 2025-01-01T00:00:00Z

Type: ransomware

Attack Vector: unpatched VPN appliances, lack of multi-factor authentication (MFA), exposed management interfaces, single-factor remote access tools

Vulnerability Exploited: unpatched VPN vulnerabilities, weak authentication mechanisms, exposed administrative interfaces

Threat Actor: Qilin ransomware group, Scattered Spider (affiliate)

Motivation: financial gain, profit-sharing with affiliates, data exfiltration for extortion

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through unpatched VPN appliances, single-factor remote access tools, exposed management interfaces.

Impact of the Incidents

What was the impact of each incident ?

Incident : Ransomware VIA625062825

Systems Affected: Pathology services, Blood testing services

Operational Impact: Disrupted 10,152 outpatient appointments, Postponed 1710 elective procedures, Delayed 1100 cancer treatments, 170 cases of patient harm recorded, 2 cases classified as severe

Incident : ransomware VIA3232032111125

Data Compromised: Patient names, NHS numbers, Test results, Test codes, Administrative records

Systems Affected: Synnovis corporate systems, administrative working drive

Downtime: widespread disruption to NHS services, delayed appointments at King’s College Hospital NHS Foundation Trust, delayed appointments at Guy’s and St Thomas’ NHS Foundation Trust, delays to blood testing in primary care

Operational Impact: disruption to pathology services, patient death attributed to attack, delayed medical procedures

Brand Reputation Impact: potential loss of trust in NHS cybersecurity, calls for public inquiry

Identity Theft Risk: high (due to exposure of NHS numbers and personal data)

Incident : ransomware VIA1292112111125

Identity Theft Risk: True

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data (Names, NHS Numbers), Test Results, Test Codes and Administrative Records.

Which entities were affected by each incident ?

Incident : Ransomware VIA625062825

Entity Name: Synnovis

Entity Type: Pathology services provider

Industry: Healthcare

Location: London

Incident : Ransomware VIA625062825

Entity Name: King’s College Hospital NHS Foundation Trust

Entity Type: Hospital

Industry: Healthcare

Location: London

Incident : Ransomware VIA625062825

Entity Name: Guy’s and St Thomas’ NHS Foundation Trust

Entity Type: Hospital

Industry: Healthcare

Location: London

Incident : ransomware VIA3232032111125

Entity Name: Synnovis

Entity Type: pathology supplier

Industry: healthcare

Location: London, UK

Customers Affected: NHS hospitals, GP practices, clinics

Incident : ransomware VIA3232032111125

Entity Name: King’s College Hospital NHS Foundation Trust

Entity Type: hospital

Industry: healthcare

Location: London, UK

Customers Affected: patients, staff

Incident : ransomware VIA3232032111125

Entity Name: Guy’s and St Thomas’ NHS Foundation Trust

Entity Type: hospital

Industry: healthcare

Location: London, UK

Customers Affected: patients, staff

Incident : ransomware VIA3232032111125

Entity Name: NHS England

Entity Type: government health service

Industry: healthcare

Location: UK

Customers Affected: patients nationwide (indirectly)

Incident : ransomware VIA1292112111125

Entity Type: small-to-medium-sized businesses (SMBs)

Industry: construction, healthcare, financial services

Size: small-to-medium

Incident : ransomware VIA1292112111125

Entity Name: Synnovis

Entity Type: healthcare provider

Industry: healthcare

Location: United Kingdom

Response to the Incidents

What measures were taken in response to each incident ?

Incident : ransomware VIA3232032111125

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Experts.

Remediation Measures: investigation into stolen data, notification of affected organizations

Recovery Measures: dedicated support for affected NHS providers, website with updates for stakeholders

Communication Strategy: direct notifications to NHS organizations, public statements, patient notifications via letters/website

Incident : ransomware VIA1292112111125

Remediation Measures: regularly patch and update VPNs and remote access devices, apply MFA to all accounts, limit or remove exposed management interfaces, segment networks to isolate critical systems, monitor proactively for lateral movement or signs of intrusion

Network Segmentation: True

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through cybersecurity experts.

Data Breach Information

What type of data was compromised in each breach ?

Incident : ransomware VIA3232032111125

Type of Data Compromised: Personal data (names, NHS numbers), Test results, Test codes, Administrative records

Sensitivity of Data: high (health records, personally identifiable information)

Incident : ransomware VIA1292112111125

Data Encryption: True

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: investigation into stolen data, notification of affected organizations, regularly patch and update VPNs and remote access devices, apply MFA to all accounts, limit or remove exposed management interfaces, segment networks to isolate critical systems, monitor proactively for lateral movement or signs of intrusion.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : ransomware VIA3232032111125

Data Encryption: True

Data Exfiltration: True

Incident : ransomware VIA1292112111125

Ransomware Strain: Qilin

Data Encryption: True

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through dedicated support for affected NHS providers, website with updates for stakeholders.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : ransomware VIA3232032111125

Legal Actions: calls for public inquiry by cybersecurity experts

Regulatory Notifications: NHS England oversight, affected organizations reviewing data for compliance actions

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through calls for public inquiry by cybersecurity experts.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : ransomware VIA3232032111125

Lessons Learned: challenges in investigating unstructured, fragmented stolen data, need for improved cybersecurity in NHS supply chain, importance of coordinated response for large-scale breaches

Incident : ransomware VIA1292112111125

Lessons Learned: Qilin operates as a professionalized RaaS 'tech business' with profit-sharing affiliates, increasing attribution complexity., Basic security gaps (e.g., unpatched VPNs, lack of MFA) remain primary attack vectors., Collaboration among cybercrime groups (e.g., Scattered Spider deploying Qilin) amplifies threat sophistication., Expansion of extortion channels (e.g., Telegram, dark-web leak sites) increases pressure on victims.

What recommendations were made to prevent future incidents ?

Incident : Ransomware VIA625062825

Recommendations: Use multi-factor authentication (MFA); Patch known system vulnerabilities; Maintain support for digital infrastructure; Keep secure, immutable backups of essential data

Incident : ransomware VIA3232032111125

Recommendations: public inquiry into NHS cybersecurity, enhanced protection for third-party suppliers, proactive patient notification protocols

Incident : ransomware VIA1292112111125

Recommendations: Regularly patch and update VPNs and remote access devices; Enforce multi-factor authentication (MFA) for all accounts; Limit or eliminate exposed management interfaces; Implement network segmentation to isolate critical systems; Deploy proactive monitoring for lateral movement and intrusion signs; Treat ransomware groups as structured businesses, not just hackers, and adapt defenses accordingly.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: challenges in investigating unstructured, fragmented stolen data; need for improved cybersecurity in NHS supply chain; importance of coordinated response for large-scale breaches; Qilin operates as a professionalized RaaS 'tech business' with profit-sharing affiliates, increasing attribution complexity; basic security gaps (e.g., unpatched VPNs, lack of MFA) remain primary attack vectors; collaboration among cybercrime groups (e.g., Scattered Spider deploying Qilin) amplifies threat sophistication; expansion of extortion channels (e.g., Telegram, dark-web leak sites) increases pressure on victims.

References

Where can I find more information about each incident ?

Incident : Ransomware VIA625062825

Source: Infosecurity

Incident : ransomware VIA3232032111125

Source: Synnovis official statement (via NHS England)

Date Accessed: 2025-11-10

Incident : ransomware VIA3232032111125

Source: King’s College Hospital NHS Foundation Trust statement

Date Accessed: 2025-11

Incident : ransomware VIA3232032111125

Source: Cybersecurity expert Saif Abed (AbedGraham Group)

Date Accessed: 2025-10

Incident : ransomware VIA1292112111125

Source: S-RM Intelligence Advisory

Date Accessed: 2025-01-01

Incident : ransomware VIA1292112111125

Source: Tech Business Insights on Qilin RaaS (Ted Cowell, S-RM)

Date Accessed: 2025-01-01

Incident : ransomware VIA1292112111125

Source: Ransomware-as-a-Service Trends: AI Chatbot Extortion

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Infosecurity; Synnovis official statement (via NHS England), accessed 2025-11-10; King’s College Hospital NHS Foundation Trust statement, accessed 2025-11; Cybersecurity expert Saif Abed (AbedGraham Group), accessed 2025-10; S-RM Intelligence Advisory, accessed 2025-01-01; Tech Business Insights on Qilin RaaS (Ted Cowell, S-RM), accessed 2025-01-01; and Ransomware-as-a-Service Trends: AI Chatbot Extortion.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : ransomware VIA3232032111125

Investigation Status: completed (as of November 2025)

Incident : ransomware VIA1292112111125

Investigation Status: ongoing (S-RM research)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through direct notifications to NHS organizations, public statements, and patient notifications via letters/website.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : ransomware VIA3232032111125

Stakeholder Advisories: Dedicated Synnovis Website For Updates, Direct Support To Affected NHS Organizations.

Customer Advisories: potential individual notifications via letters or website statements by NHS providers

Incident : ransomware VIA1292112111125

Stakeholder Advisories: S-RM Advisory On Qilin RaaS Trends (Published 2025-01-01).

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: dedicated Synnovis website for updates, direct support to affected NHS organizations, potential individual notifications via letters or website statements by NHS providers, and S-RM advisory on Qilin RaaS trends (published 2025-01-01).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : ransomware VIA3232032111125

High Value Targets: Patient Health Records, NHS Administrative Data

Data Sold on Dark Web: Patient Health Records, NHS Administrative Data

Incident : ransomware VIA1292112111125

Entry Point: Unpatched VPN Appliances, Single-Factor Remote Access Tools, Exposed Management Interfaces

High Value Targets: SMBs In Construction, Healthcare, Financial Sectors

Data Sold on Dark Web: SMBs In Construction, Healthcare, Financial Sectors

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : ransomware VIA3232032111125

Root Causes: Unclear (Investigation Focused On Data Impact Rather Than Attack Vector)

Corrective Actions: Ongoing Support For Affected Entities, Potential Policy Changes Pending Public Inquiry

Incident : ransomware VIA1292112111125

Root Causes: Unpatched Vulnerabilities In VPN/Remote Access Devices, Lack Of Multi-Factor Authentication (MFA), Exposed Administrative Interfaces, Collaboration Between Cybercrime Groups (e.g., Scattered Spider Using Qilin RaaS)

Corrective Actions: Enhanced Patch Management For VPNs/Remote Access Tools, Mandatory MFA Implementation, Reduction Of Exposed Attack Surfaces (e.g., Management Interfaces), Network Segmentation And Proactive Intrusion Monitoring

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: cybersecurity experts.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: ongoing support for affected entities; potential policy changes pending public inquiry; enhanced patch management for VPNs/remote access tools; mandatory MFA implementation; reduction of exposed attack surfaces (e.g., management interfaces); network segmentation and proactive intrusion monitoring.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Qilin, Qilin ransomware group and Scattered Spider (affiliate).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-06-03.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-01-01T00:00:00Z.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were patient names, NHS numbers, test results, test codes and administrative records.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were pathology services, blood testing services, Synnovis corporate systems and an administrative working drive.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity experts.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were NHS numbers, test results, patient names, administrative records and test codes.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was calls for public inquiry by cybersecurity experts.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Expansion of extortion channels (e.g., Telegram, dark-web leak sites) increases pressure on victims.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: enhanced protection for third-party suppliers; limit or eliminate exposed management interfaces; keep secure, immutable backups of essential data; proactive patient notification protocols; deploy proactive monitoring for lateral movement and intrusion signs; regularly patch and update VPNs and remote access devices; public inquiry into NHS cybersecurity; patch known system vulnerabilities; implement network segmentation to isolate critical systems; treat ransomware groups as structured businesses, not just hackers, and adapt defenses accordingly; enforce multi-factor authentication (MFA) for all accounts; maintain support for digital infrastructure; and use multi-factor authentication (MFA).

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are King’s College Hospital NHS Foundation Trust statement, Synnovis official statement (via NHS England), Infosecurity, Ransomware-as-a-Service Trends: AI Chatbot Extortion, Tech Business Insights on Qilin RaaS (Ted Cowell, S-RM), S-RM Intelligence Advisory and Cybersecurity expert Saif Abed (AbedGraham Group).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is completed (as of November 2025).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were dedicated Synnovis website for updates, direct support to affected NHS organizations, and S-RM advisory on Qilin RaaS trends (published 2025-01-01).

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was potential individual notifications via letters or website statements by NHS providers.

Initial Access Broker

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: unclear (investigation focused on data impact rather than attack vector); unpatched vulnerabilities in VPN/remote access devices; lack of multi-factor authentication (MFA); exposed administrative interfaces; collaboration between cybercrime groups (e.g., Scattered Spider using Qilin RaaS).

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: ongoing support for affected entities; potential policy changes pending public inquiry; enhanced patch management for VPNs/remote access tools; mandatory MFA implementation; reduction of exposed attack surfaces (e.g., management interfaces); network segmentation and proactive intrusion monitoring.


Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=viapath-llp' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.