Skip to content
VarSome API VarSome.com VarSome Clinical

Cybersecurity Failures in Healthcare: Real Consequences, Higher Stakes

Jason Armstrong
Jason Armstrong |

Cybersecurity failures in healthcare are not hypothetical IT concerns. They have real, sometimes tragic, consequences for patient care. In June 2024, a ransomware attack on Synnovis – the pathology provider for two London NHS trusts – disrupted over 10,000 appointments and delayed blood test results. 

In June 2025, a spokesperson from King’s College Hospital NHS Foundation Trust confirmed that one patient's unexpected death was linked to those delays. Their investigation found that the long wait for a blood result, caused by the cyberattack, was one of several contributing factors. 

This was not a case of stolen spreadsheets or temporary inconvenience. It was a direct line from a cyberattack to a clinical outcome. In healthcare, security incidents are not abstract risks; they are patient safety events. In genomics, where data is uniquely sensitive and workflows are deeply interconnected, the stakes are even higher.

Uniquely Exposed

Most industries face financial or reputational loss when systems fail. Healthcare, however, carries the additional burden of protecting patients from harm. Three factors make this sector especially exposed:

  1. Time sensitivity: Delayed diagnostics or treatment can rapidly escalate from inconvenience to crisis. In oncology or emergency medicine, minutes matter.
  2. Data uniqueness: Patient data cannot be reset like a password. Genomic data, once exposed, is permanently identifying. 
  3. System interdependence: Hospitals, laboratories, and general practice networks are linked through complex IT systems. A breach in one node can cascade across the chain. 

The factors mean that even small-scale incidents can translate into serious clinical consequences. 

Case Studies: When Attacks Reach the Bedside

NHS/Synnovis (2024)
The Synnovis ransomware attack forced staff into manual processes for ordering and analysing tests. Blood transfusions were delayed, GPs could not access results, and thousands of appointments were cancelled. In June 2025, a King's College Hospital spokesperson confirmed that a patient’s death was linked to these delays. The case illustrates how a disruption in a support service, like pathology, can ripple directly into front-line care. It also highlights how preventable some incidents may be. In September 2024, a strategic advisor in NHS England’s frontline digitization team suggested the Synnovis attack could have been avoided had two-factor authentication been in place (Digital Health).

Springhill Medical Center, Alabama (2019)
In the United States, a lawsuit was filed against Springhill Medical Center in Alabama after a ransomware attack in 2019 disrupted hospital IT systems for eight days. The suit alleges that monitoring and diagnostic failures linked to the outage contributed to severe harm during childbirth, ultimately leading to the death of an infant nine months later. The hospital has denied wrongdoing, but the case is widely cited as the first alleging a patient death connected to a ransomware attack. Even without a final legal conclusion, it highlights the clinical risk when monitoring systems are taken offline. (The HIPAA Journal)

Irish Health Service Executive (2021)
A nationwide ransomware attack on Ireland’s HSE forced the shutdown of IT systems across hospitals and clinics. A peer-reviewed study of the incident found that cancer services, radiology, maternity care, and routine outpatient appointments were severely disrupted, with staff reverting to paper records under high pressure. While no single death was officially linked to the attack, and despite the commendable efforts by health service staff cited in the study, the HSE faces over 400 lawsuits as a result of delays. This case demonstrates the systemic vulnerability of centralised health systems to a single point of failure. (Moore et al. 2023)

System Overload and Indirect Harm
The damage is not always confined to the affected hospital. When one facility is paralyzed, neighbouring hospitals absorb the overflow. A 2024 study found that cardiac arrest cases increased significantly in hospitals adjacent to those hit by ransomware, with survival rates falling as a result. Cyberattacks, therefore, generate “spillover mortality,” a public health effect that extends well beyond the immediate cybervictim. (Pham et al. 2024)

High Stakes at the Frontier

The risks facing genomics are even greater than those in general healthcare IT. As shown in recent work on cyber-biosecurity, sequencing pipelines carry novel vulnerabilities that conventional IT frameworks were never designed to handle; proof-of-concept attacks have shown that malicious code can be encoded in synthetic DNA and executed when sequenced; widely used open-source bioinformatics tools are vulnerable to supply-chain compromises;  and machine-learning models used in variant calling can be poisoned with adversarial inputs. (Anjum et al. 2025)

The difference is that genetic data has both clinical urgency and permanent privacy implications. If ransomware halts sequencing or corrupts variant interpretation pipelines, patient care is delayed just as surely as in the Synnovis case. But unlike a blood test or scan, genomic data, once stolen, cannot be fully recovered. It can be used to identify not only an individual, but also their relatives. A single breach creates a lifetime of potential exposure. 

A Call to Action

These cases demonstrate that cybersecurity in healthcare is not about protecting systems for their own sake. It is about protecting patients. Every disruption, from ransomware to data leakage, provides a path to clinical harm. For genomics laboratories and clinical data providers, the lessons are urgent:

  • Treat cybersecurity as patient safety. Security failures should be recorded and investigated like other adverse events.
  • Build resilience, not just defences. Assume systems will be attacked and plan for their recovery – tested backups, redundant pipelines, and degraded-mode operations. 
  • Audit dependencies. From sequencing firmware to open-source tools, every component should be verified, logged, and monitored for tampering.
  • Secure data at rest and in transit. Strong encryption and strict access controls must be standard for genomic datasets. 
  • Vet third parties. Attacks on partners and suppliers, as seen in Synnovis, can be just as damaging as direct breaches. 

The Synnovis attack showed how a cyber incident could contribute to a patient’s death. The other cases mentioned reinforce healthcare as a uniquely exposed industry.  In genomics, where data is both clinically critical and permanently identifying, the stakes are even higher. Cybersecurity failures in this sector are not abstract risks. They are clinical risks. And addressing them with the urgency they demand is essential if genomics and precision medicine are to deliver their promise safely. 

Share this post