Ransomware Attack Contributes to a Patient’s Death

It is never good when a business has to deal with the fallout of exposed data or the loss of its ability to provide services to its clients. When medical practices are hit by ransomware, the risk is compounded. A cyberattack tied to a patient's death has always been an organization's worst nightmare. As of June 25th, 2025, the National Health Service (NHS), as part of a standard review of care, found that the 2024 ransomware attack on hospitals in London had slowed the ability to perform blood testing, which was one of the factors that contributed to a patient's death [1]. This is the worst-case scenario. The attack was also found to have impacted more than 900,000 individuals, exposing test results and names of patients with symptoms of sexually transmitted infections and cancers [1]. Additional implications from the attack included severely reduced blood stocks across England, forcing hospitals to limit transfusions to the most critical cases.

Hindsight is 20/20

It is always easier to look back at the aftermath of a breach and see where risks could have been addressed to reduce the impact on the organization. It would be difficult to say whether this incident could have been prevented, or at least reduced in scope, by implementing the proper security controls, thereby potentially saving a life in the process. In this case, based on 2024 details, the attack originated from a third-party provider that served as the initial point of entry [2]. While the article does not delve into the details of the third-party compromise, it notes that it involved a “digital gateway service” used by several hospitals.

Questions that Should Be Asked

As part of due care and diligence in a technology partnership, it is crucial to know that your critical assets, whether in-house or outsourced, are secure. In this case, one must wonder:

  • Were the hospitals properly vetting and auditing their third-party provider?
  • Did they identify these risks as a part of their annual risk assessment process?
  • Were there other tasks or controls they could have implemented to reduce risk?

This is likely not the end of the matter; further investigations into the 2024 breach are likely, and more details are likely to be provided. This incident serves as a warning to healthcare providers that cyberattacks are real-world, potentially life-threatening events; the need for professional oversight, risk management, and cybersecurity programs should be at the top of their minds.

IntelliSystems is a GTIA Trustmark Cybersecurity Assured technology partner. We offer a variety of services that support the efforts of healthcare professionals and businesses to reduce their cybersecurity risk and the risk to the critical systems and data they are entrusted with protecting. If your organization is looking for a consultant to review its alignment with the HIPAA Security Rule or needs deeper insight into its security program, we would like to hear from you.

[1] https://therecord.media/ransomware-attack-contributed-patient-death-uk-nhs

[2] https://techcrunch.com/2024/12/04/ransomware-hackers-target-nhs-hospitals-with-new-cyberattacks/

