NHS Continues to Face Blood Supply Crisis Post 2024 Cyberattack

One year after a significant ransomware attack on the British pathology laboratory Synnovis, the National Health Service (NHS) in England is grappling with ongoing blood supply challenges. The attack, which occurred in June 2024, severely disrupted pathology services at several hospitals in London, leading to a drastic shortfall in the availability of type O-negative blood, crucial for transfusions across various medical situations.

According to a statement from the NHS Blood and Transplant (NHSBT) issued on June 9, 2025, the organization is now urging one million individuals in England to donate blood to help stabilize the national supply. The plea follows a year marked by continued low blood stocks, exacerbated by a series of recent bank holidays that typically reduce donation rates. NHSBT indicated that a Red Alert could be imminent, where demand would far exceed the available supply, posing a serious threat to public safety.

The June 2024 cyberattack on Synnovis, attributed to the Russian-speaking ransomware group Qilin, was particularly disruptive. It not only led to the cancellation of over 10,000 outpatient appointments but also postponed 1,700 elective procedures at major NHS trusts like King's College Hospital and Guy's and St. Thomas' Hospital. "The ransomware attack was a deliberate act aimed at causing maximum disruption to the UK healthcare system and interfering with essential medical treatments for a vast number of patients," remarked John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association.

Despite the NHSBT's systems not being directly affected by the cyber incident, the consequences were felt acutely due to the inability of hospitals to match blood types for transfusions, as noted by an NHSBT spokesperson. Phil Englert, Vice President of Medical Device Security at the Health Information Sharing and Analysis Center, pointed out that the attack and subsequent blood supply issues occurred at a time when seasonal factors typically reduce blood donations. "The onset of summer often sees a decrease in donations as people go on vacation and remote work impacts corporate blood drives," he stated.

This situation is not unique to the UK. Similar cyber incidents have disrupted blood services globally. In January 2025, the New York Blood Center faced a ransomware attack that triggered a regional blood shortage emergency, following a pattern of attacks that have raised alarms among health organizations worldwide. The Food and Drug Administration (FDA) in the U.S., along with industry partners, issued joint warnings about threats to blood supply chains, emphasizing the critical need for cybersecurity measures to protect these vital resources.

As cyberattacks increasingly target healthcare infrastructures, the implications extend beyond immediate operational disruptions. The human cost of these cyber incidents is profound; as thousands of medical procedures were delayed, patients experienced significant risks to their health. Errol Weiss, Chief Security Officer at Health ISAC, emphasized the necessity for a unified response to such threats, calling for ongoing international collaboration to enhance cybersecurity across the healthcare sector.

In light of the Synnovis attack, experts are advocating for heightened investments in cybersecurity measures and supply chain resilience strategies. "As threat actors increasingly identify critical healthcare service providers, it is imperative that these organizations reinforce their cybersecurity defenses while also ensuring operational resilience to recover swiftly from potential attacks," Weiss concluded. The NHSBT's call for blood donations not only addresses an immediate crisis but serves as a reminder of the systemic vulnerabilities within the healthcare sector that need urgent attention and action to safeguard patient safety in the future.