The must-read stories and debate in health policy and leadership.

The ransomware attack on the pathology system supporting around 2 million people prompts many questions.

Who launched the attack and were they aware of how fundamental a part of the NHS’s infrastructure it was?

Synnovis, owned by German firm Synlab, runs the labs for two of the biggest hospital trusts in the NHS and processes the pathology tests for six boroughs’ worth of primary care across south east London.

Synlab’s facilities in Italy were the victims of a ransomware attack in April. Was it the same attackers, and more importantly did they exploit the same vulnerability?

One senior manager told HSJ the attack – the effects of which are likely to be felt for weeks, perhaps months – was “everyone’s worst nightmare”.

Tests for urgent and emergency care will have to be reported under emergency business continuity plans, and histopathology for cancer work might have to wait, or be outsourced.

Guy’s and St Thomas’ Foundation Trust runs not only a major cancer centre, but a children’s hospital and a major heart and lung transplant hospital. Lots of this work has been suspended.

How much will be cancelled? No estimates are available yet. Has anyone come to harm already? No one has yet said.

Other parts of the London system might have to take over the pathology reporting, although the practicalities will make this difficult.

Will this be the most consequential cyber attack on the NHS since WannaCry in 2017? Too early to say but quite possibly. It already outstrips GSTT’s 2022 heatwave IT meltdown and the two smaller outages this December and January.

There is a tangle of legal, ethical, and organisational issues around the basic questions of ransom attacks: will the ransom be paid? How much do they want? Would paying it encourage more attacks? Would not paying it put lives at risk?

Has pathology centralisation gone too far?

Who would need to sign off a payment of this sort is another significant unanswered question. Presumably central government say-so would be required.

In the meantime, every part of an already pressured system supporting 2 million people will be badly affected for some time.

A serious job

After a 40-year career in the NHS, Tracy Bullock made the difficult decision earlier this year to retire due to ill-health.

In her last interview with HSJ, published this week, she noted the decline in applicants for chief executive roles, citing poor work-life balance and external scrutiny.

“A few years ago, you would put out an advert and get a good number of applications. You’d spend a couple of hours going through applications,” she told HSJ. “Now for exec directors, you’re holding your breath and hoping you get one or two [applications].”

Although she acknowledged being an NHSE CEO is a “serious job”, she said she was her “own worst critic” and didn’t need regulators to apply pressure on her to improve care for patients. Instead, this motivation came from her team and from herself.

Ms Bullock has had varied experience working in the NHS over the years, from one of the top-rated trusts in the country (Mid Cheshire Hospitals) to UHNM, which has had its fair share of serious financial and cultural problems and has been under scrutiny from regulators for years.

But looking back over her career, she said she believes the NHS is “more transparent than ever” and noted major improvements in governance and management processes.

Also on

In Carbon Copy, Zoe Tidman looks at the winners and losers in the bidding process for cash to decarbonise public sector buildings, and we report that bereaved parents are calling for a public inquiry into a trust, as they reveal its maternity departments have been the subject of a slew of serious incidents.