'IT Failure' Hits Blood Tests As Another Critical Incident Declared By NHS

The UK's National Health Service's (NHS) capability to deliver pathology services is taking another beating, with a critical incident declared this morning at two hospitals in England.

Unlike the issues still affecting London hospitals, the incident at Nottingham University Hospitals NHS Trust (NUH) was not believed to be caused by a cyberattack, but rather by a nondescript "IT failure."

City Hospital and Queen's Medical Centre, both located outside central Nottingham, were each struggling to deliver services, with all phlebotomy patients who are due to get blood drawn and tested at these sites being asked not to attend until further notice.

"People should continue to attend other scheduled appointments unless informed otherwise," a notice on its website read.

"There will continue to be delays in the service while we work on a solution. This impacts blood tests from within the Trust and from GP colleagues. Business continuity plans are in place and we are working to prioritize the most urgent blood tests, including cancer and pre-op services."

Moments before publication, the Nottingham NHS trust told The Register that the "critical incident" designation related to "IT issues in our Pathology service" had now been "stood down."

It said the affected systems were "returning to normal ... and we are now operating in business as usual. Patients can now attend the phlebotomy (blood testing) service at City Hospital and the QMC, including the Treatment Centre, for regular tests. GP colleagues are being advised to return to business as usual in testing from 2pm (BST) this afternoon"

It added: "We would like to thank all of our colleagues, patients and our partner agencies for your support and dedication in responding to this incident and protecting patient care."

The Register asked NUH for additional information about the incident, including details about what system or systems were affected, whether patient data is deemed secure, and what remediation efforts were made, but it did not respond to these questions.

Beyond pathology services, patients earlier today were advised to make use of the NHS's non-emergency 111 helpline to relieve pressure on emergency services, and visit A&E departments only when absolutely necessary.

The incident comes months after the attack on Synnovis, a pathology services provider to Guy's and St Thomas', King's College Hospital NHS Foundation Trusts, and primary care services in southeast London.

However, this was a much nastier incident. A Qilin ransomware attack catalyzed months of widespread disruption, and led to some tragic consequences of being unable to fully deliver health services.

Per the NHS's most recent update on the matter, after 13 weeks of disruption which is still causing appointments and procedures to be canceled, a total of 10,129 acute outpatient appointments and 1,702 elective procedures have been postponed across the two London-based NHS trusts since the attack. 

• The fingerpointing starts as cyber incident at London transport body continues
• Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
• Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider
• London hospitals left in critical condition after ransomware attack

The NHS is also continuing its call for O-type blood donations. Appeals for more blood started weeks ago, days after the attack, with demand for supplies increasing amid a backdrop of decreasing donations and the attack itself.

Elsewhere in the UK, London's transportation authority, Transport for London (TfL), continues to reel from a "cybersecurity incident." Its incident status page is being updated daily, with eagle-eyed watchers spotting on Tuesday that it removed the reference to there being "no evidence that any customer data has been compromised."

Tewkesbury Borough Council is also still working to bring its systems back online following its "cyber incident" a week ago. Its most recent update shared by chief exec Alistair Cunningham suggested that no resident data had been affected. ®