ADVERTISEMENT

Company News

UK Hospital Hack Leaves Kidney Patients at Higher Risk of Heart Failure

(Bloomberg) -- Regular blood tests are critical for 46-year-old Londoner Amit Sanchadev, who relies on dialysis to keep him alive after his only functioning kidney failed in 2016.

He wakes up at 6 a.m. three times a week to plug himself into a home hemodialysis machine that acts as an artificial kidney, cleaning his blood of harmful waste products over about three hours. At least once a month, he sends a blood sample via bike courier to nearby King’s College Hospital for testing, to ensure the dialysis is working. An untreated spike in certain blood chemicals can lead to painful symptoms or even heart failure.  

Sanchadev’s routine blood tests stopped in June, after the hack of Synnovis, a pathology provider that conducts 32 million lab tests a year in partnership with two major UK hospital groups, including King’s. The consequences were immediate and severe, delaying almost 5,000 outpatient appointments and nearly 14,000 operations, according to the National Health Service. Health officials are investigating whether any patient has died as a direct result of the attack, Bloomberg News reported. 

With testing capacity severely reduced, King’s said it is prioritizing people who “most urgently” need blood tests. This has excluded thousands of patients like Sanchadev, whose conditions are serious but not immediately life-threatening. Others who have fallen into this bracket are cancer patients and organ transplant candidates. 

“It puts me in a difficult situation,” Sanchadev told Bloomberg News in an interview, adding that he was operating “blind” without test results. “We’re doing dialysis and hoping everything is OK. But we don’t know our potassium levels. It’s not workable.”

The disruption to Sanchadev’s care is a grim illustration of the human impact of ransomware attacks on critical systems already under strain. The UK’s National Health Service is beloved but already on its knees financially, according to a recent Bloomberg News analysis. The UK election, which took place one month after Synnovis discovered it was hacked, has overshadowed the ongoing fallout, leaving clinicians, patients and advocacy groups frustrated. 

“This should be forefront of NHS discussions,” said Sanchadev, who said he wanted to see more politicians talking about the hack.

The public response has been led by NHS England, which is working with the UK’s cybersecurity and law enforcement agencies to investigate the hack. Health ministers with the previous Conservative government received daily briefings about the hack, officials said. 

Synnovis, a partnership between pathology provider Synlab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital Foundation Trust, serves eight hospitals within the two trusts plus care services across south London. In the weeks immediately after the attack, blood-testing services across southeast London dropped to just 10% of normal capacity, according to a statement from the NHS. It pegged capacity at 54% in its most recent statement on July 4.

“There are people heading for kidney failure who need urgent tests, people living with transplants, which again need regular blood tests,” said Fiona Loud, policy director at Kidney Care UK, a patient support charity aimed at the estimated 7.2 million people in the UK with chronic kidney disease. “It’s the guide. It drives kidney care. So it can be pretty dangerous not to be able to get blood tests.”

Regular, fast-turnaround tests are essential for calibrating treatment for dialysis patients and their care teams, said John Sayer, clinical professor of renal medicine at Newcastle University. High levels of potassium in the blood, for example, can lead to heart failure if left untreated, he said. 

“Any delays are very, very serious,” Sayer said. Restoring blood chemicals to healthy ranges can require tweaking the dialysis machine settings or taking medicine, but without test results the patient doesn’t know what to change. 

Qilin, the Russian-speaking group that has taken credit for the hack, told Bloomberg News that it doesn’t accept responsibility for the human cost of its actions. The group released millions of patient records obtained in the hack, including sensitive data on pregnant women and newborn babies.

King’s College Hospital NHS Foundation Trust apologized for the impact of the Synnovis hack on patients. 

“We are in contact with all affected patients, and prioritizing blood testing for specific groups of patients, including those with kidney problems, and temporarily reducing the frequency of blood tests for selected patients where it is safe to do so,” a spokeswoman said.

Synnovis did not respond to requests for comment.

For Sanchadev, uncertainty about whether his patient records are now online has compounded his anxiety about the hack’s continued impact on his care. Synnovis has said it is still analyzing the 400 gigabytes of data released by Qilin. 

“It makes me feel — where’s our security, what’s happened to us?” he said. “If somebody has got my data, can it be manipulated and cause more damage to my health?”

(Updates with further details in fourth paragraph)

©2024 Bloomberg L.P.