Mid and South Essex NHS Foundation Trust has said it will contact those patients affected by the cyber attack, which is linked to a third party, a major NHS testing provider
13:42, 08 Jun 2026Updated 13:44, 08 Jun 2026
One of the largest hospital trusts in England has confirmed thousands of patient test results were stolen from a cyber attack with the data published on the dark web.
The Mid and South Essex NHS Foundation Trust (MSE), which oversees operations at Southend, Basildon, and Chelmsford’s Broomfield hospitals, says a total of 2,380 records were compromised in the breach.
Despite the cyber attack taking place in 2024, the Trust was notified about the breach in December and is now preparing to reach out to the individuals impacted. The stolen was taken from the computer drives of a third‑party pathology provider that analyses blood, urine and tissue samples for NHS Trust.
The trust is among a undisclosed number of NHS organisations affected by the breach, which involved confidential patient data. Just last week, Bedfordshire Hospitals NHS Foundation Trust revealed almost 33,000 of its patients had information stolen in the same cyber attack.
The data was published on the dark web, according to scientific organisation Synnovis. However, it said there was no evidence the data had been used maliciously and it was stolen “in haste and in a random manner”. Chief executive Mark Dollar said it was offering “our full support” to the organisations affected.
The cyber attack, for which Qilin, a Russia-based cyber criminal group, has claimed responsibility, took place in June 2024 and affected several London hospitals which relied on Synnovis for testing and IT services.
Following an extensive examination of the compromised information, Synnovis confirmed it has alerted all impacted NHS trusts, noting that individual trust were responsible for informing patients.
According to warnings, the breached data may include patient names, test outcomes, NHS and patient numbers, dates of birth, and postcodes. Although the data did not relate to systems run by MSE, the trust said at a recent board meeting, external it had brought in cyber security experts to strengthen its own systems.
Dawn Scrafield, deputy chief executive for MSE, said the records affected related to a mixture of specialist diagnostic tests.
She said: “Some data is not directly linked to patients, so we are still waiting for confirmation on exact numbers. Once we have established who those patients are, we will be in contact with any who have been affected.”
