Exclusive: The latest figures suggest that around 1,500 medical procedures have been canceled across some of London’s biggest hospitals in the four weeks since Qilin’s ransomware attack hit pathology services provider Synnovis. But perhaps no single person was affected as severely as Johanna Groothuizen.
Hanna – the name she goes by – is now missing her right breast after her skin-sparing mastectomy and immediate breast reconstruction surgery was swapped out for a simple mastectomy at the last minute.
The 36-year-old research culture manager at King’s College London and former researcher in health sciences was diagnosed with HER2-positive breast cancer in late 2023. It’s an aggressive form known for spreading faster and recurring more commonly, which necessitates urgent treatment.
Hanna soon began a course of chemotherapy following her diagnosis until she was able to have what will hopefully be the first and only major procedure to remove the disease.
Between then and the operation, which was scheduled for June 7 – four days after the ransomware attack was carried out – she had been told repeatedly that the planned procedure was a skin-sparing mastectomy which would have allowed surgeons to cosmetically reconstruct her right breast immediately after the operation.
How the ordeal actually unraveled, however, was an entirely different story. Hanna was given less than 24 hours by doctors to make the daunting decision to either accept a simple mastectomy or delay a life-changing procedure until Synnovis’s systems were back online.
The decision was thrust upon her on the Thursday afternoon before her Friday surgery. This was after she was forced to chase the medical staff for updates about whether the procedure was going ahead at all.
Hanna was told on the Tuesday of that week, the day after Qilin’s attack, that despite everything going on, the staff at St Thomas’ hospital in London were still planning to go ahead with the skin-sparing mastectomy as previously agreed.
Per the updates Hanna requested on Thursday, it was strongly suggested that the operation was going to be canceled. The hospital deemed the reconstruction part of the procedure too risky because Synnovis was unable to support blood transfusions until its systems were back online.
The ransomware attack wasn’t easy on hospitals. The situation was so dire that blood reserves were running low just a week after the attack, prompting an urgent appeal for O-type blood donations.
For Hanna, though, this meant she had to make the unimaginably difficult choice between the surgery she wanted, or the surgery that would give her the best chance at survival.
The mother of two young children, aged four and two, felt like she had no other choice but to accept the simple mastectomy, leaving her with only one breast.
After being told the surgery was unlikely to go ahead, she reminded the medical staff of her particularly aggressive cancer diagnosis and asked about her remaining options, fearing that after numerous rounds of chemotherapy the cancer would grow again.
“The options were to either wait until the system recovered or to just do the mastectomy-only operation, and for me, I did in the end choose to have the mastectomy only, so this was all just very, very last minute,” Hanna told The Register.
“I had no idea when things were going to be OK, the hospital had no idea – they couldn’t tell me, so yeah, in the end, I felt like it was the only choice that I could really make because it’s an aggressive cancer, I have two young children, I don’t want to die. So, yeah, that’s what I did.
“But then obviously you wake up and, you know, you just don’t have a boob.”
With what little time the hospital gave her to make the choice, Hanna asked her friends and other breast cancer survivors for advice. She was met with the universal view that she should take the simple mastectomy to avoid any unnecessary health risks.
Everything about Hanna’s treatment changed from there. The duration of her stay was now much shorter and the aftercare provided to her changed given the different procedure.
Hanna said she remembered a feeling of urgency around the hospital at the time, particularly regarding her post-surgery aftercare, which she thought was somewhat rushed. The surgeon started giving her information about wound care immediately after she woke from general anesthesia. She was understandably dozy and unable to retain that kind of information, although the surgeon did later apologize for this.
She doesn’t think the hospital was in any kind of frenzied state over the cyberattack, other than her experience of rushed aftercare, which she thinks was more to do with the quick change in procedure than the disruption caused by Qilin.
Taking it in stride
Despite the abysmal situation Hanna found herself in, and the stress and upset it caused her, over the phone she appeared in remarkably good spirits, all things considered.
Notably, she said she has no ill feelings toward the National Health Service (NHS) and thought the staff at St Thomas’ Hospital treated her well with the necessary care and sympathy.
“Obviously it’s difficult because it’s such a strange kind of event, and operations do get postponed – that’s all understandable, but then, out of all the reasons that you could think of [for an operation to be canceled] this was the last one that I ever considered,” said Hanna. “I never thought it was going to be due to a cyberattack by Russian hackers. That was not something that I would have ever thought would happen.
“It’s just unforeseen. The people in the NHS, they work very hard to just make sure that everyone gets the care that they need.”
Before the incident affected her care, Hanna was aware of cybersecurity and previous attacks on the NHS such as WannaCry back in 2017, but Qilin’s work led her to read up on the topic in much greater depth.
Reflecting on the attack, Hanna said she thinks this raises questions about the resilience of the UK’s public sector infrastructure.
“I guess there is probably an issue in relation to kind of underfunding. I’ve noticed that in my care, particularly in relation to the admin and the things around it, and potentially there are issues around cybersecurity.
“Although this was obviously an external company that was the victim of this cyberattack, it does raise questions about cybersecurity and whether there should be additional measures, protocols, or backups to deal with the situation so