Company Details
guys-and-st-thomas-nhs-foundation-trust
11,299
127,351
62
nhs.uk
13
GUY_2884783
Completed


Guy's and St Thomas' NHS Foundation Trust Vendor Cyber Rating & Cyber Score
One of the largest Trusts in the UK, Guy’s and St Thomas’ NHS Foundation Trust comprises five of the UK’s best known hospitals – Guy’s, St Thomas’, Evelina London Children’s Hospital, Royal Brompton and Harefield – as well as community services in Lambeth and Southwark, all with a long history of high quality care, clinical excellence, research and innovation. We work closely with a wide range of health and care partners to deliver the best care to our local population, and we play an active role in the integrated care systems (ICS) in south east and north west London. We have a long tradition of clinical and scientific achievement and – as part of King’s Health Partners – we are one of England’s eight academic health sciences centres (AHSCs), bringing together world-class clinical services, teaching and research. We are rated Good overall by the Care Quality Commission, and have one of the lowest mortality rates in the country. With around 23,700 staff, we are one of the largest employers locally. We aim to reflect the diversity of the local communities we serve and continue to develop new and existing partnerships with local people, patients, neighbouring NHS organisations, local authorities and charitable bodies and GPs. The dedication and skills of our employees lie at the heart of our organisation. We strive to recruit and retain the best staff to ensure that our services are high quality, safe and patient focused.
Between 600 and 649


Description: Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records

In June 2024, UK pathology provider Synnovis, a critical supplier of blood, urine, and specimen testing for NHS trusts and private healthcare organizations, suffered a ransomware attack by the Qilin group, a Russian-linked cybercriminal operation. The attack, which occurred on June 3, encrypted Synnovis’ systems and exfiltrated data before locking files, causing widespread disruption to NHS services across London and beyond.

### Impact on Healthcare Services

The attack paralyzed Synnovis’ IT infrastructure, forcing Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, two of the UK’s busiest hospital networks, to cancel over 10,000 appointments, including 1,134 planned operations, 2,194 outpatient visits, 100+ cancer treatments, and 18 organ transplants in the first two weeks alone. Blood testing capacity plummeted to 10% of normal levels, leading to a nationwide shortage of O-negative blood as hospitals prioritized emergency cases. The disruption extended to GP surgeries, mental health services (South London and Maudsley NHS Trust), and private healthcare providers, with Synnovis estimating a full recovery would take months. By November 2024, the company had rebuilt 75+ applications, migrated core systems to the cloud, and restored 65+ scientific analyzers across seven locations.

### Data Breach & Ransom Demands

Qilin exfiltrated 400GB of data before encrypting Synnovis’ systems, later leaking it on the dark web after the $50 million ransom deadline expired. The stolen data includes 300 million patient interactions, encompassing blood test results, HIV/STI diagnoses, cancer screenings, and personally identifiable information. While Synnovis confirmed no data was taken from its primary lab databases, the breach exposed records from both NHS and private healthcare patients, raising risks of extortion attempts against individuals with sensitive diagnoses. Synnovis refused to pay the ransom, citing ethical concerns and the risk of funding further attacks. The National Crime Agency (NCA), National Cyber Security Centre (NCSC), and Information Commissioner’s Office (ICO) were notified, with authorities considering retaliatory action against Qilin.

### Investigation & Recovery Challenges

A 17-month forensic review revealed the attackers randomly stole data from working drives, complicating the identification of affected individuals. Synnovis developed custom systems to reconstruct the data, completing notifications to affected organizations by November 21, 2025. Under UK law, individual NHS trusts, not Synnovis, will determine whether patients must be notified, with any direct communications from Synnovis flagged as potential scams. The attack’s entry point remains unknown, though Qilin claimed to have exploited a zero-day vulnerability. Synnovis replaced all compromised IT infrastructure and stressed that the exfiltrated data was not in a readily usable format for malicious actors.

### Broader Context

This incident follows a separate April 2024 attack on Synnovis by the BlackBasta ransomware group, which also leaked stolen data after a ransom went unpaid. The NHS has faced 215 ransomware attacks since 2019, with 2023 marking a record high in UK cyber incidents. The Synnovis breach underscores the vulnerability of critical healthcare infrastructure to financially motivated cyber threats, particularly those targeting third-party service providers.

Description: London Hospitals Disrupted by Ransomware Attack on Blood Test Provider

Seven major London hospitals, including Guy’s, St Thomas’, King’s College, and the Evelina children’s hospital, declared a “critical incident” after a ransomware attack crippled their pathology services. The attack, which began on Monday, targeted Synnovis, a private firm that processes blood tests for NHS trusts under a £1.1bn contract.

The incident forced cancellations of elective surgeries, blood transfusions, and planned caesarean sections, with some procedures redirected to other hospitals under mutual aid protocols. While emergency care and outpatient services remained operational, staff reported severe disruptions, including a shift to paper-based communication after Synnovis’s IT systems were locked.

Synnovis confirmed the attack had affected all its servers, though its labs remained partially functional. The company has engaged cybersecurity experts, including the National Cyber Security Centre (NCSC), and reported the breach to the Information Commissioner’s Office (ICO). The attackers, whose identity is unknown, deployed ransomware to extort payment, a tactic increasingly paired with data theft and threats of publication if demands aren’t met.

This is the third ransomware attack on Synnovis’s parent company, Synlab, in the past year. In June 2023, the Clop gang breached its French subsidiary, while April 2024 saw Black Basta steal and leak 1.5TB of data from its Italian operations. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services. The full recovery timeline remains unclear.

Description: A fatal cyberattack at King's College Hospital in London resulted in the death of a patient in June 2024. The attack, conducted by the Russian cybercriminal group Qilin, used ransomware to paralyze the hospital's servers, leading to delays in critical services such as blood analysis results. The attack caused the cancellation of over 10,000 medical appointments and affected the health of nearly 170 patients. This incident highlights the increasing dependence of hospitals on IT tools and the growing threat of cyberattacks on vulnerable healthcare infrastructure.


No incidents recorded for Guy's and St Thomas' NHS Foundation Trust in 2026.
GSTNFT cyber incidents detection timeline including parent company and subsidiaries

The medical services firm is notifying affected parties about a data breach which resulted from a 2024 ransomware attack. Synnovis, the UK...
Pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack.
Personal health data from more than 485000 women has been stolen from a cervical cancer screening programme in the Netherlands.
Birmingham Community Healthcare NHS Foundation Trust (BCHC) has flagged an exposed vulnerability that could lead to a cyber attack.
The former head of the UK's National Cyber Security Centre has said he is “horrified, but not completely surprised” by the recent attack on...
A patient's death has been officially connected to a cyber attack carried out by the Qilin ransomware group that crippled pathology services at several major...
A patient death has been linked to the cyber attack on NHS pathology system provider Synnovis, King's College Hospital NHS Foundation has confirmed.
A ransomware attack on Synnovis, a key pathology services provider for the UK's National Health Service, has been linked to a patient's...
King's College Hospital NHS Foundation Trust says the patient died "unexpectedly" during the cyber attack after a "long wait for a blood...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Guy's and St Thomas' NHS Foundation Trust is https://www.guysandstthomas.nhs.uk/.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust’s AI-generated cybersecurity score is 623, reflecting their Poor security posture.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are:
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust is not certified under SOC 2 Type 1.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust is not listed as GDPR compliant.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust does not currently maintain PCI DSS compliance.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust is not compliant with HIPAA regulations.
According to Rankiteo, Guy's and St Thomas' NHS Foundation Trust is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Guy's and St Thomas' NHS Foundation Trust operates primarily in the Hospitals and Health Care industry.
Guy's and St Thomas' NHS Foundation Trust employs approximately 11,299 people worldwide.
Guy's and St Thomas' NHS Foundation Trust presently has no subsidiaries across any sectors.
Guy's and St Thomas' NHS Foundation Trust’s official LinkedIn profile has approximately 127,351 followers.
Guy's and St Thomas' NHS Foundation Trust is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Yes, Guy's and St Thomas' NHS Foundation Trust has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/guy-s-and-st-thomas.
Yes, Guy's and St Thomas' NHS Foundation Trust maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/guys-and-st-thomas-nhs-foundation-trust.
As of March 30, 2026, Rankiteo reports that Guy's and St Thomas' NHS Foundation Trust has experienced 3 cybersecurity incidents.
Guy's and St Thomas' NHS Foundation Trust has an estimated 32,295 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Ransomware.
Detection and Response: The company detects and responds to cybersecurity incidents through law enforcement notification (National Crime Agency (NCA), National Cyber Security Centre (NCSC), Information Commissioner’s Office (ICO)); containment measures (system encryption, data exfiltration prevention (post-breach)); remediation measures (rebuilt 75+ applications, migrated core systems to the cloud, restored 65+ scientific analyzers); recovery measures (full recovery estimated to take months, ongoing as of November 2024); a communication strategy (notifications to affected organizations completed by November 21, 2025; individual patient notifications to be determined by NHS trusts); and third-party assistance (National Cyber Security Centre (NCSC), cybersecurity experts).
Title: Fatal Cyberattack at King's College Hospital
Description: A cyberattack at King's College Hospital in London in June 2024 led to the death of a patient due to delayed blood test results caused by the attack.
Date Detected: 2024-06-03
Type: Ransomware
Attack Vector: Ransomware
Threat Actor: Qilin
Motivation: Financial Gain
Title: Synnovis Ransomware Attack Disrupts NHS Pathology Services, Exposes 300M Patient Records
Description: In June 2024, UK pathology provider Synnovis, a critical supplier of blood, urine, and specimen testing for NHS trusts and private healthcare organizations, suffered a ransomware attack by the Qilin group, a Russian-linked cybercriminal operation. The attack encrypted Synnovis’ systems and exfiltrated data, causing widespread disruption to NHS services across London and beyond.
Date Detected: 2024-06-03
Type: Ransomware
Vulnerability Exploited: Zero-day vulnerability (claimed by Qilin)
Threat Actor: Qilin group
Motivation: Financial gain
Title: London Hospitals Disrupted by Ransomware Attack on Blood Test Provider
Description: Seven major London hospitals declared a 'critical incident' after a ransomware attack crippled their pathology services provided by Synnovis, a private firm processing blood tests for NHS trusts. The attack forced cancellations of elective surgeries, blood transfusions, and planned caesarean sections, with disruptions to IT systems and a shift to paper-based communication.
Date Detected: 2024-06-03
Type: Ransomware
Motivation: Extortion
Common Attack Types: The most common type of attack the company has faced is Ransomware.

Systems Affected: Pathology services
Operational Impact: Over 10,000 medical appointments cancelled

Data Compromised: 400GB of data exfiltrated, including 300 million patient interactions
Systems Affected: IT infrastructure, 75+ applications, 65+ scientific analyzers across seven locations
Downtime: Months for full recovery
Operational Impact: Over 10,000 appointments canceled, including 1,134 planned operations, 2,194 outpatient visits, 100+ cancer treatments, and 18 organ transplants. Blood testing capacity reduced to 10% of normal levels.
Brand Reputation Impact: Significant impact on NHS and private healthcare providers
Identity Theft Risk: High (exposure of personally identifiable information)

Systems Affected: All Synnovis servers, pathology IT systems
Operational Impact: Cancellations of elective surgeries, blood transfusions, and planned caesarean sections; shift to paper-based communication
Brand Reputation Impact: High
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Blood Test Results, HIV/STI Diagnoses, Cancer Screenings and Personally Identifiable Information.

Entity Name: King's College Hospital
Entity Type: Hospital
Industry: Healthcare
Location: London, UK
Customers Affected: Nearly 170 patients affected

Entity Name: Synnovis
Entity Type: Pathology service provider
Industry: Healthcare
Location: United Kingdom
Customers Affected: NHS trusts, private healthcare organizations, GP surgeries, mental health services

Entity Name: Guy’s and St Thomas’ NHS Foundation Trust
Entity Type: NHS Hospital Trust
Industry: Healthcare
Location: London, UK
Customers Affected: Patients requiring blood tests, surgeries, and outpatient care

Entity Name: King’s College Hospitals NHS Trust
Entity Type: NHS Hospital Trust
Industry: Healthcare
Location: London, UK
Customers Affected: Patients requiring blood tests, surgeries, and outpatient care

Entity Name: South London and Maudsley NHS Trust
Entity Type: NHS Mental Health Trust
Industry: Healthcare
Location: London, UK
Customers Affected: Mental health service patients

Entity Name: Synnovis
Entity Type: Private firm
Industry: Healthcare (Pathology Services)
Location: United Kingdom
Customers Affected: Seven major London hospitals including Guy’s, St Thomas’, King’s College, and Evelina children’s hospital

Entity Name: Guy’s Hospital
Entity Type: Hospital
Industry: Healthcare
Location: London, United Kingdom

Entity Name: St Thomas’ Hospital
Entity Type: Hospital
Industry: Healthcare
Location: London, United Kingdom

Entity Name: King’s College Hospital
Entity Type: Hospital
Industry: Healthcare
Location: London, United Kingdom

Entity Name: Evelina London Children’s Hospital
Entity Type: Hospital
Industry: Healthcare
Location: London, United Kingdom

Law Enforcement Notified: National Crime Agency (NCA), National Cyber Security Centre (NCSC), Information Commissioner’s Office (ICO)
Containment Measures: System encryption, data exfiltration prevention (post-breach)
Remediation Measures: Rebuilt 75+ applications, migrated core systems to the cloud, restored 65+ scientific analyzers
Recovery Measures: Full recovery estimated to take months, ongoing as of November 2024
Communication Strategy: Notifications to affected organizations completed by November 21, 2025; individual patient notifications to be determined by NHS trusts

Third Party Assistance: National Cyber Security Centre (NCSC), cybersecurity experts
Third-Party Assistance: The company involves third-party assistance in incident response through National Cyber Security Centre (NCSC), cybersecurity experts.

Type of Data Compromised: Blood test results, HIV/STI diagnoses, Cancer screenings, Personally identifiable information
Number of Records Exposed: 300 million patient interactions
Sensitivity of Data: High (medical and personally identifiable information)
Data Exfiltration: Yes (400GB exfiltrated)
Data Encryption: Yes (ransomware encryption)
Personally Identifiable Information: Yes

Data Exfiltration: Possible (common in ransomware attacks)
Data Encryption: Yes (ransomware)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Rebuilt 75+ applications, migrated core systems to the cloud, restored 65+ scientific analyzers.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through system encryption and data exfiltration prevention (post-breach).

Ransom Demanded: $50 million
Ransom Paid: No
Ransomware Strain: Qilin
Data Encryption: Yes
Data Exfiltration: Yes
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Full recovery estimated to take months, ongoing as of November 2024.

Legal Actions: Authorities considering retaliatory action against Qilin
Regulatory Notifications: ICO notified

Regulatory Notifications: Reported to Information Commissioner’s Office (ICO)
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Authorities considering retaliatory action against Qilin.

Lessons Learned: Vulnerability of critical healthcare infrastructure to third-party service provider attacks; challenges in identifying and notifying affected individuals due to random data exfiltration; importance of robust incident response and recovery plans.

Lessons Learned: Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services.

Recommendations: Enhance cybersecurity measures for third-party vendors; improve data protection and encryption; develop clearer protocols for patient notifications in large-scale breaches; invest in zero-day vulnerability detection and mitigation.
Key Lessons Learned: The key lessons learned from past incidents are Vulnerability of critical healthcare infrastructure to third-party service provider attacks; challenges in identifying and notifying affected individuals due to random data exfiltration; importance of robust incident response and recovery plans. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhance cybersecurity measures for third-party vendors; improve data protection and encryption; develop clearer protocols for patient notifications in large-scale breaches; invest in zero-day vulnerability detection and mitigation.

Source: BBC

Source: Synnovis incident reports

Source: NHS cyber incident records

Source: News Article
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: BBC, Synnovis incident reports, NHS cyber incident records, and News Article.

Investigation Status: Ongoing (17-month forensic review completed, notifications sent to affected organizations)

Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifications to affected organizations completed by November 21, 2025; individual patient notifications to be determined by NHS trusts.

Stakeholder Advisories: NHS trusts advised to determine patient notifications; Synnovis warnings about potential scam communications
Customer Advisories: Patients advised to verify communications from NHS trusts regarding the breach
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: NHS trusts advised to determine patient notifications; Synnovis warnings about potential scam communications; and Patients advised to verify communications from NHS trusts regarding the breach.

Root Causes: Exploitation of zero-day vulnerability (claimed); lack of robust third-party vendor security measures
Corrective Actions: Replaced all compromised IT infrastructure; developed custom systems to reconstruct data; enhanced security protocols for future incidents

Root Causes: Underinvestment in IT security, healthcare as a high-value target
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as National Cyber Security Centre (NCSC), cybersecurity experts.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Replaced all compromised IT infrastructure; developed custom systems to reconstruct data; enhanced security protocols for future incidents.
Ransom Payment History: The company has Paid ransoms in the past.
Last Ransom Demanded: The amount of the last ransom demanded was $50 million.
Last Attacking Group: The attacking groups in the last incident were Qilin and Qilin group.
Most Recent Incident Detected: The most recent incident detected was on 2024-06-03.
Most Significant Data Compromised: The most significant data compromised in an incident was 400GB of data exfiltrated, including 300 million patient interactions.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was National Cyber Security Centre (NCSC), cybersecurity experts.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were System encryption and data exfiltration prevention (post-breach).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was 400GB of data exfiltrated, including 300 million patient interactions.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 300.0M.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $50 million.
Highest Ransom Paid: The highest ransom paid in a ransomware incident was No.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Authorities considering retaliatory action against Qilin.
Most Significant Lesson Learned: The most significant lessons learned from past incidents were Vulnerability of critical healthcare infrastructure to third-party service provider attacks; challenges in identifying and notifying affected individuals due to random data exfiltration; importance of robust incident response and recovery plans. Healthcare remains a prime target for cybercriminals due to underinvestment in IT security and the urgency of restoring critical services.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enhance cybersecurity measures for third-party vendors; improve data protection and encryption; develop clearer protocols for patient notifications in large-scale breaches; invest in zero-day vulnerability detection and mitigation.
Most Recent Source: The most recent sources of information about an incident are NHS cyber incident records, Synnovis incident reports, BBC and News Article.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (17-month forensic review completed, notifications sent to affected organizations).
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was NHS trusts advised to determine patient notifications; Synnovis warnings about potential scam communications.
Most Recent Customer Advisory: The most recent customer advisory issued was Patients advised to verify communications from NHS trusts regarding the breach.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Exploitation of zero-day vulnerability (claimed); lack of robust third-party vendor security measures, Underinvestment in IT security, healthcare as a high-value target.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Replaced all compromised IT infrastructure; developed custom systems to reconstruct data; enhanced security protocols for future incidents.