Viapath Company CyberSecurity Posture

synnovis.co.uk
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Synnovis (formerly Viapath) is a partnership between SYNLAB UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust, performing more than 32 million pathology tests a year across a network of routine and specialist laboratories. Serving a population of 1.7 million in south east London, we bring together the very best in clinical, scientific and operational expertise to provide a pathology service which aims to create better outcomes for patients and make a positive difference to people’s health and wellbeing. We work collaboratively with the NHS, SYNLAB, clinical users and other stakeholders – every sample we process represents an individual patient in our joint care, and we understand the important role we play in continually developing services to meet that important responsibility.

Viapath A.I CyberSecurity Scoring

Viapath

Company Details

Linkedin ID:

viapath-llp

Website:

https://www.synnovis.co.uk/

Employees number:

272

Number of followers:

7,271

NAICS:

62

Industry Type:

Hospitals and Health Care

Homepage:

synnovis.co.uk

IP Addresses:

Scan still pending

Company ID:

VIA_2108556

Scan Status:

In-progress

AI scoreViapath Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/viapath-llp.jpeg
Viapath Hospitals and Health Care
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreViapath Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/viapath-llp.jpeg
Viapath Hospitals and Health Care
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Viapath

Critical
Current Score
458
C (Critical)
01000
3 incidents
-171.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
459
NOVEMBER 2025
452
OCTOBER 2025
449
SEPTEMBER 2025
440
AUGUST 2025
432
JULY 2025
422
JUNE 2025
583
Ransomware
26 Jun 2025 • Synnovis
Ransomware Attack on Synnovis

A ransomware attack on Synnovis, a pathology services provider for several NHS hospitals in London, led to widespread disruption of diagnostic services and the death of a patient. The attack, carried out by Qilin, a Russian cybercriminal group, delayed blood test results and caused significant harm to patient care. Over 10,000 appointments were disrupted, 1,710 operations postponed, and 1,100 cancer treatments delayed. The attack was linked to nearly 600 patient safety incidents, including two cases of severe harm.

412
critical -171
VIA625062825
Incident Details -
Type
Ransomware
Impact
Pathology services Blood testing services Disrupted 10,152 outpatient appointments Postponed 1710 elective procedures Delayed 1100 cancer treatments 170 cases of patient harm recorded 2 cases classified as severe
Recommendations
Use multi-factor authentication (MFA) Patch known system vulnerabilities Maintain support for digital infrastructure Keep secure, immutable backups of essential data
References
Blog URL Source URL
MAY 2025
579
APRIL 2025
575
MARCH 2025
570
FEBRUARY 2025
565
JANUARY 2025
560
JUNE 2024
660
Ransomware
16 Jun 2024 • Synnovis
Rise in Qilin Ransomware Incidents Targeting SMBs in Construction, Healthcare, and Financial Sectors

In 2024, **Synnovis**, a UK-based healthcare pathology service provider, fell victim to a **Qilin ransomware attack**, severely disrupting NHS blood transfusion and diagnostic services across London. The breach exploited unpatched VPN vulnerabilities and lack of MFA, leading to **data theft and system encryption**. Patient test results, blood matching, and critical lab operations were delayed or halted, forcing hospitals to declare **major incidents** and divert emergency cases. The attack exposed sensitive medical records, including those of **Ballarat personalities, doctors, and police officers**, while crippling core healthcare infrastructure. Qilin affiliates threatened to leak stolen data on dark-web platforms if ransom demands were unmet. The incident not only endangered patient lives by delaying surgeries and treatments (e.g., cancer care) but also **threatened the organization’s operational existence**, with prolonged outages and reputational damage. The collaboration between Qilin and groups like Scattered Spider further complicated attribution and recovery, underscoring the escalating sophistication of RaaS-driven cybercrime in critical sectors.

517
critical -143
VIA1292112111125
Incident Details -
Type
ransomware data breach cybercrime collaboration
Attack Vector
unpatched VPN appliances lack of multi-factor authentication (MFA) exposed management interfaces single-factor remote access tools
Vulnerability Exploited
unpatched VPN vulnerabilities weak authentication mechanisms exposed administrative interfaces
Motivation
financial gain profit-sharing with affiliates data exfiltration for extortion
Response
regularly patch and update VPNs and remote access devices apply MFA to all accounts limit or remove exposed management interfaces segment networks to isolate critical systems monitor proactively for lateral movement or signs of intrusion
Lessons Learned
Qilin operates as a professionalized RaaS 'tech business' with profit-sharing affiliates, increasing attribution complexity. Basic security gaps (e.g., unpatched VPNs, lack of MFA) remain primary attack vectors. Collaboration among cybercrime groups (e.g., Scattered Spider deploying Qilin) amplifies threat sophistication. Expansion of extortion channels (e.g., Telegram, dark-web leak sites) increases pressure on victims.
Recommendations
Regularly patch and update VPNs and remote access devices. Enforce multi-factor authentication (MFA) for all accounts. Limit or eliminate exposed management interfaces. Implement network segmentation to isolate critical systems. Deploy proactive monitoring for lateral movement and intrusion signs. Treat ransomware groups as structured businesses, not just hackers, and adapt defenses accordingly.
Investigation Status
['ongoing (S-RM research)']
Stakeholder Advisories
S-RM advisory on Qilin RaaS trends (published 2025-01-01)
Initial Access Broker
unpatched VPN appliances single-factor remote access tools exposed management interfaces SMBs in construction, healthcare, financial sectors
Post Incident Analysis
Unpatched vulnerabilities in VPN/remote access devices Lack of multi-factor authentication (MFA) Exposed administrative interfaces Collaboration between cybercrime groups (e.g., Scattered Spider using Qilin RaaS) Enhanced patch management for VPNs/remote access tools Mandatory MFA implementation Reduction of exposed attack surfaces (e.g., management interfaces) Network segmentation and proactive intrusion monitoring
References
Blog URL Source URL
JUNE 2024
762
Ransomware
04 Jun 2024 • Synnovis
Synnovis Ransomware Attack and Data Breach (2024)

Synnovis, a pathology supplier for the NHS, suffered a **ransomware attack on 4 June 2024**, leading to the theft and online publication of **patient and staff data**—including **names, NHS numbers, test results, and administrative records**. The attack caused **widespread NHS service disruptions**, including **thousands of delayed appointments** at **King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust**, **blood testing delays in primary care**, and **a confirmed patient death**. The stolen data was **unstructured, fragmented, and incomplete**, complicating investigations. Over a year later (by **November 2025**), Synnovis began notifying affected NHS providers (hospitals, GP practices, clinics) to assess exposure risks. The breach exposed **sensitive health data**, threatening **patient confidentiality, trust in NHS services, and operational continuity**, while also triggering calls for a **public inquiry into NHS cybersecurity and patient safety** due to the attack’s severity and systemic impact.

660
critical -102
VIA3232032111125
Incident Details -
Type
ransomware data breach
Motivation
financial gain data theft
Impact
patient names NHS numbers test results test codes administrative records Synnovis corporate systems administrative working drive widespread disruption to NHS services delayed appointments at King’s College Hospital NHS Foundation Trust delayed appointments at Guy’s and St Thomas’ NHS Foundation Trust delays to blood testing in primary care disruption to pathology services patient death attributed to attack delayed medical procedures potential loss of trust in NHS cybersecurity calls for public inquiry high (due to exposure of NHS numbers and personal data)
Response
cybersecurity experts investigation into stolen data notification of affected organizations dedicated support for affected NHS providers website with updates for stakeholders direct notifications to NHS organizations public statements patient notifications via letters/website
Data Breach
personal data (names, NHS numbers) test results test codes administrative records Sensitivity Of Data: high (health records, personally identifiable information)
Regulatory Compliance
calls for public inquiry by cybersecurity experts NHS England oversight affected organizations reviewing data for compliance actions
Lessons Learned
challenges in investigating unstructured, fragmented stolen data need for improved cybersecurity in NHS supply chain importance of coordinated response for large-scale breaches
Recommendations
public inquiry into NHS cybersecurity enhanced protection for third-party suppliers proactive patient notification protocols
Investigation Status
completed (as of November 2025)
Customer Advisories
potential individual notifications via letters or website statements by NHS providers
Stakeholder Advisories
dedicated Synnovis website for updates direct support to affected NHS organizations
Initial Access Broker
patient health records NHS administrative data
Post Incident Analysis
unclear (investigation focused on data impact rather than attack vector) ongoing support for affected entities potential policy changes pending public inquiry
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Viapath is 458, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 452.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 449.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 440.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 432.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 422.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 583.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 579.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 575.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 570.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 565.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 560.

Over the past 12 months, the average per-incident point impact on Viapath’s A.I Rankiteo Cyber Score has been -171.0 points.

You can access Viapath’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/viapath-llp.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Viapath’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/viapath-llp.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.