Skip to content
Contact Us
All posts

NHS Cyber Attacks and Incidents in 2024

By  Craig Pepper  ·  3 minute read
The NHS faced a challenging 2024, with a series of cyberattacks and data breaches that disrupted healthcare services and exposed sensitive patient information. Below is a timeline of the most notable incidents.
 

1. NHS Dumfries and Galloway Data Breach (March 2024)

In March, NHS Dumfries and Galloway suffered a ransomware attack that led to the theft of three terabytes of data, including confidential patient records. When the health board refused to pay the ransom, the attackers published the stolen information on the dark web. This incident highlighted the growing threat of ransomware to healthcare organisations.

2. Synnovis Ransomware Attack (June 2024)

On June 3, Synnovis, a pathology services provider for King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust, was targeted by the Russian cybercriminal group Qilin. The attack caused severe disruptions:

  • 10,152 outpatient appointments and 1,710 elective procedures were postponed.
  • At least five cases of moderate patient harm were reported.
  • Up to 300 million records, including patient data, were stolen.

This attack underscored the vulnerability of third-party providers in the NHS ecosystem.

Read More on this here

3. IT Outages Linked to CrowdStrike (July 2024)

In July, a global IT outage related to CrowdStrike affected multiple organisations, including NHS trusts. This incident disrupted access to digital records and delayed non-urgent surgeries and appointments. Although not a direct cyberattack, the outage highlighted the NHS's dependence on external IT services and its vulnerability to upstream issues.

4. Cyber Resilience Framework Introduced (September 2024)

In September, the National Data Guardian and NHS England announced an updated Cyber Resilience Framework for health and social care organisations. The framework aims to bolster cybersecurity practices and ensure better protection of systems and data across the NHS.‍

5. Alder Hey Children’s NHS Foundation Trust Data Breach (November 2024)

In late November, Alder Hey Children’s NHS Foundation Trust experienced a significant data breach. Information, allegedly obtained illegally from systems shared with Liverpool Heart and Chest Hospital NHS Foundation Trust, was published online and circulated on social media. The trust worked with the National Crime Agency to investigate and secure its systems.

Alder Hey confirmed that its services remained operational and stated that the breach was not linked to another ongoing cyber incident in Merseyside.

6. Wirral University Teaching Hospitals Cyberattack (November 2024)

On November 25, Wirral University Teaching Hospitals declared a "major incident" following a targeted cyberattack. The trust isolated affected systems as a precaution, reverting to manual processes to continue services. Although the attack disrupted digital systems, the hospital emphasised its efforts to minimise the impact on patient care.

 

Synnovis Attack Fallout and Government Response (September & November 2024)

By late 2024, the Synnovis attack’s impact became clearer, with the Department of Science, Innovation and Technology (DSIT) introducing the Cyber Security and Resilience Bill, scheduled for Parliament in 2025. This legislation aims to address gaps in cybersecurity defences for critical public services, including the NHS.

In a statement on September 30, 2024, the DSIT highlighted the bill’s urgency, referencing attacks like the Synnovis breach as proof of the NHS’s critical need for robust defences.

Late 2024: Government Response and the Cyber Security & Resilience Bill

In September 2024, the UK’s Department for Science, Innovation and Technology (DSIT) announced plans to introduce a new Cyber Security and Resilience Bill, citing incidents like the Synnovis breach as drivers of urgent reform.

By early 2025, the legislation had progressed toward Parliament, aiming to:

  • Set minimum cyber standards for critical services

  • Improve incident response and coordination

  • Mandate cyber maturity assessments for key NHS providers

Trends, Reflection and the Path Ahead

Despite the volume of incidents, Mike Fell, Executive Director of National Cyber Operations at NHS England, stated that cyberattacks may have plateaued or begun to decline. However, the impact and complexity of attacks remain a serious concern.

The NHS’s response in 2024 included:

  • Releasing an updated Cyber Resilience Framework

  • Aligning the DSPT with the NCSC’s Cyber Assessment Framework

  • Supporting independent assessments for trusts and key suppliers

  • Preparing for compliance with the upcoming Cyber Security and Resilience Bill

Together, these steps reflect a growing recognition that proactive cybersecurity measures, not reactive fixes, are the only way forward.

How Periculo Helps Healthcare Organisations Stay Ahead

To prevent incidents like those affecting the NHS in 2024, Periculo’s Managed Security Services deliver:

  • 24/7 threat detection and response

  • Advanced endpoint protection

  • Offline backups and ransomware controls

  • Third-party supplier assurance

  • Cyber risk assessments and penetration testing

  • Full support with CAF-aligned DSPT submissions

We help NHS and healthtech organisations protect data, maintain operational continuity, and build resilience against future attacks.

Find Out More...

 

Updated June 2025