Exclusive The latest figures suggest that around 1,500 medical procedures have been canceled across some of London's biggest hospitals in the four weeks since Qilin's ransomware attack hit pathology services provider Synnovis. But perhaps no single person was affected as severely as Johanna Groothuizen.

Hanna - the name she goes by - is now missing her right breast after her skin-sparing mastectomy and immediate breast reconstruction surgery was swapped out for a simple mastectomy at the last minute.

I never thought it was going to be due to a cyberattack by Russian hackers. That was not something that I would have ever thought would happen

The 36-year-old research culture manager at King's College London and former researcher in health sciences was diagnosed with HER2-positive breast cancer in late 2023. It's an aggressive form known for spreading faster and is more commonly recurring, which necessitates urgent treatment.

Hanna soon began a course of chemotherapy following her diagnosis until she was able to have what will hopefully be the first and only major procedure to remove the disease. 

Between then and the operation, which was scheduled for June 7 - four days after the ransomware attack was carried out - she had been told repeatedly that the planned procedure was a skin-sparing mastectomy which would have allowed surgeons to cosmetically reconstruct her right breast immediately after the operation.

How the ordeal actually unraveled, however, was an entirely different story. Hanna was given less than 24 hours by doctors to make the daunting decision to either accept a simple mastectomy or delay a life-changing procedure until Synnovis's systems were back online.

The decision was thrust upon her on the Thursday afternoon before her Friday surgery. This was after she was forced to chase the medical staff for updates about whether the procedure was going ahead at all.

Hanna was told on the Tuesday of that week, the day after Qilin's attack, that despite everything going on, the staff at St Thomas' hospital in London were still planning to go ahead with the skin-sparing mastectomy as previously agreed.

Per the updates Hanna requested on Thursday, it was strongly suggested that the operation was going to be canceled. The hospital deemed the reconstruction part of the procedure too risky because Synnovis was unable to support blood transfusions until its systems were back online.

The ransomware attack wasn't easy on hospitals. The situation was so dire that blood reserves were running low just a week after the attack, prompting an urgent appeal for O-type blood donations.

For Hanna, though, this meant she had to make the unimaginably difficult choice between the surgery she wanted, or the surgery that would give her the best chance at survival.

The mother of two young children, aged four and two, felt like she had no other choice but to accept the simple mastectomy, leaving her with only one breast.

After being told the surgery was unlikely to go ahead, she reminded the medical staff of her particularly aggressive cancer diagnosis and asked about her remaining options, fearing that after numerous rounds of chemotherapy the cancer would grow again.

"The options were to either wait until the system recovered or to just do the mastectomy-only operation, and for me, I did in the end choose to have the mastectomy only, so this was all just very, very last minute," Hanna told The Register.

"I had no idea when things were going to be OK, the hospital had no idea - they couldn't tell me, so yeah, in the end, I felt like it was the only choice that I could really make because it's an aggressive cancer, I have two young children, I don't want to die. So, yeah, that's what I did.

"But then obviously you wake up and, you know, you just don't have a boob."

With what little time the hospital gave her to make the choice, Hanna asked her friends and other breast cancer survivors for advice. She was met with the universal view that she should take the simple mastectomy to avoid any unnecessary health risks.

Everything about Hanna's treatment changed from there. The duration of her stay was now much shorter and the aftercare provided to her changed given the different procedure.

Hanna said she remembered a feeling of urgency around the hospital at the time, particularly regarding her post-surgery aftercare, which she thought was somewhat rushed. The surgeon started giving her information about wound care immediately after she woke from general anesthesia. She was understandably dozy and unable to retain that kind of information, although the surgeon did later apologize for this.

She doesn't think the hospital was in any kind of frenzied state over the cyberattack, other than her experience of rushed aftercare, which she thinks was more to do with the quick change in procedure rather than the disruption caused by Qilin.

Taking it in stride

Despite the abysmal situation Hanna found herself in, and the stress and upset it caused her, over the phone she appeared in remarkably good spirits, all things considered.

Notably, she said she has no ill feelings toward the National Health Service (NHS) and thought the staff at St Thomas' Hospital treated her well with the necessary care and sympathy.

"Obviously it's difficult because it's such a strange kind of event, and operations do get postponed - that's all understandable, but then, out of all the reasons that you could think of [for an operation to be canceled] this was the last one that I ever considered," said Hanna. "I never thought it was going to be due to a cyberattack by Russian hackers. That was not something that I would have ever thought would happen.

"It's just unforeseen. The people in the NHS, they work very hard to just make sure that everyone gets the care that they need."

Before the incident affected her care, Hanna was aware of cybersecurity and previous attacks on the NHS such as WannaCry back in 2017, but Qilin's work led her to read up on the topic in much greater depth.

Reflecting on the attack, Hanna said she thinks this raises questions about the resilience of the UK's public sector infrastructure.

"I guess there is probably an issue in relation to kind of underfunding. I've noticed that in my care, particularly in relation to the admin and the things around it, and potentially there are issues around cybersecurity.

"Although this was obviously an external company that was the victim of this cyberattack, it does raise questions about cybersecurity and whether there should be additional measures, protocols, or backups to deal with the situation so that you don't get into this kind of trouble."

One of the core aims of the UK's National Cyber Security Strategy (2022-2030) was to have the government's critical functions, which include the delivery of essential public services, significantly hardened to cyberattacks by 2025. However, there has been an ample number of events in recent months to suggest this target is far from being met.

The recent attack on Synnovis is the latest reminder of what happens when mission-critical organizations are breached, but over the last 12 months the UK has seen various other attacks cause significant disruption. From a crippling attack on its government-sponsored national library, to a breach at its Ministry of Defence, a litany of data protection gaffes, and the National Cyber Security Centre (NCSC) voicing concerns over the state of critical infrastructure - the UK's security posture must become more robust.

But that's now a job for Sir Keir Starmer and the Labour Party.

Hanna said she mainly blames Qilin, who previously told The Register they were fully aware of the disruption their attack would cause, for the events that left her without a breast.

Asked what she would say to Qilin's members if she ever met them, Hanna once again showed her strength in handling the difficult situation, bringing light to the matter with her humor.

"I would flash them," she quipped, letting out a laugh. "I would show them a picture of what my body now looks like. This is what you did.

"But, gosh, what would you say to people like that? I think that it's very easy to do something like that from the safety of your computer while you can almost disassociate from it. You can pretend that it isn't real people that you're dealing with."

Road to recovery

Hanna's surgery went well, she is now back home with her children, and preparing to receive an additional course of treatment after her operation to ensure the cancer is fully eradicated.

This will involve another round of chemotherapy alongside some targeted therapy that aims to tackle the specific HER2-positive type of cancer she has.

She also hasn't ruled out opting for breast reconstruction in the future, but said because of the treatment she still needs to go through, it will be at least a year before that becomes an option for her.

One month in

At the time of writing, it's now nearly five weeks since Qilin's attack on Synnovis - a pathology services partnership between Synlab, Guy's and St Thomas' NHS Foundation Trust, and King's College Hospital NHS Foundation Trust.

The most recent update provided by the NHS said disruption to services was still evident across the region, although some services such as outpatient appointments are returning to near-normal levels.

In the last week of data (June 24-30), 1,517 acute outpatient appointments and 136 elective procedures were postponed across the two NHS trusts partnered with Synlab. The total number of postponements for the entire month since the attack took hold (June 3-30) stand at 4,913 for acute outpatient appointments and 1,391 for elective procedures.

Dr Chris Streather, Medical Director for NHS London, said: "I'm incredibly proud of how the NHS in London continues to work to minimize the impact on patients, with staff working hard to maintain patient safety and provide the high-quality care that we strive for across the capital."

He went on to highlight the fact that services were returning to near-normal operation and recognized the added difficulty that last week's industrial action put on staff at the affected hospitals.

Streather also noted that pathology services are now operating at 54 percent of their pre-ransomware attack capacity.

A spokesperson for Guy's and St Thomas' NHS Foundation Trust told The Register: "We're incredibly sorry for the impact the criminal cyber-attack on our pathology provider, Synnovis, had on Johanna's care, and we apologize for any distress this may have caused." ®

https://www.theregister.com//2024/07/05/qilin_impacts_patient/