Saved February 14, 2026
Do you care about this?
Synnovis has finished its 18-month investigation into a ransomware attack that disrupted NHS pathology services and contributed to a patient’s death. While the company confirmed data related to potentially 900,000 patients was compromised, it has not disclosed specifics on the number of individuals affected. Notifications to patients will be handled by the individual NHS organizations.
If you do, here's more
Synnovis has completed an 18-month investigation into a ransomware attack by the Qilin gang that disrupted pathology services across London in June 2024. This attack led to the cancellation of thousands of medical appointments and operations, and it has now been linked to a patient's death, marking a rare instance where a ransomware incident has resulted in a fatality. While Synnovis has finished its forensic review, the company has not disclosed the exact number of patients affected, despite estimates from security firm CaseMatrix suggesting that data on over 900,000 NHS patients may have been compromised.
The investigation faced challenges due to the nature of the data, which was described as unstructured and fragmented. Synnovis CEO Mark Dollar highlighted the difficulty in reconstructing the data, as it was taken hastily during the cyberattack. The stolen files included pieces of personal data like NHS numbers and names, but most test results lacked clear indicators that would make them easily misusable. Synnovis insists it did not pay any ransom, a decision made in conjunction with the NHS trusts, emphasizing a commitment to ethical practices.
Now, Synnovis will notify NHS organizations by November 21 about whether their patient data was involved in the breach. Those organizations will then need to inform individual patients, which could take additional time. The attack's technical details remain murky, as Synnovis could not determine how the hackers gained access initially, which raises concerns for NHS England regarding the security of its suppliers. With the investigation concluded, the focus shifts to patient notifications, but uncertainty still looms over how so much personal data fell into the hands of criminals.