Learning points from the Synnovis cyber-attack from the Pathology Informatics Committee

The Pathology Informatics Committee (PIC) met some College members from the Southeast London Network, who shared their experiences of working in pathology following the cyber-attack on their analyser interfaces (or middleware, if you prefer) with their laboratory information management system (LIMS) that occurred in June 2024.

Their department experienced a prolonged period without an effective analyser/LIMS interface and its connections to internal and external systems, while providing a pathology service to 3 million patients and supporting highly specialised clinical services and a primary care network. One of the key services affected was blood transfusion. The limited capacity for cross-matching had a significant effect on clinical services, including cancelled transplant surgeries and the necessity to exclusively use O-negative blood products, which contributed to a national amber alert for blood supply that was highlighted in the media.

While this was an IT problem, the solutions were not local and immediate, which highlighted the central role that LIMS and middleware have in delivering a pathology service.

How to prepare for cyber-attacks

Our discussion identified the top 5 topics for colleagues to consider as part of their preparation in case a similar incident is repeated elsewhere. These evolved from the immediate to longer-term responses and included:

• diverting primary care from the affected laboratory (stopping and/or diverting workflow)
• controlling clinical demand from secondary care
• identifying mutual aid pathways (general and specific services) from other organisations
• recognising the limited capacity, differing issues and solutions within each pathology department
• ensuring clinical pathology staff were integrated into the decision-making process.

These are broad themes that can be reviewed in context of the general or specialist work undertaken in your own hospital and/or network.

Business continuity

From an informatics perspective, a number of questions were identified to be considered as part of business continuity planning. Members who are currently involved in (or have recently been) gathering data for a replacement LIMS will recognise the amount of detail and data that is part of the functioning of the LIMS. A few questions to consider as part of your continuity plan are listed below.

• Where is your laboratory data backed up and how long would it take to reinstall a copy of your system? Do you have copies of set-up information relating to tests, reference ranges, rules, etc.?
• Where is your middleware and interface software located?
• How is your LIMS set up (e.g. local versus cloud servers) and what connections feed in and out of it?
• Does your order comms have the ability to print paper requests or eye-readable requests on labels?
• Do you have a process to manually generate worklists, perform testing and enter results into the recovering LIMS, with witnesses performing assurance second checking at all manual points?

Within the pathology community, the standardisation of language and test names would provide ease of transfer of requests, reports and interpretation of results. SNOMED CT coding of reported tests is ongoing, but identifying assay-agnostic standardised reporting and interpretation, e.g. positive versus detected, and harmonised reference intervals would benefit clinicians with interpretation in the event that their work is analysed in a different location.

Resilience against future attacks

The PIC identified several themes that could benefit pathology members in their responses to an incident and in developing resilience for the future.

Developing a toolkit for business continuity planning

A pathology-focused toolkit should be developed for business continuity planning and reviewing clinical and laboratory services, IT connections, comms, staffing, etc. This should involve:

• risk matrices by specialty or service
• understanding what the immediate and long-term consequences are
• how to assess the impact of loss of service – in the laboratory, clinical services, patient episodes/care
• the impact on laboratory business – stock, invoices, payments
• the impact on laboratory standards – assessments, external quality assurance metrics, monitored data outputs, dashboards
• the impact on laboratory staff – hours, pay, health and wellbeing, learning
• recording decision-making.

Education and training

Educate all staff groups on manual processes. An understanding of the basic processes that are commonly done electronically (or by programming) can help during downtime but also assists in understanding and interpreting the outputs from artificial intelligence (AI) and machine learning:

• booking in paper requests
• manual cross-matching
• manual aliquots and dilutions.

AI and machine learning

Review and understand the use of AI in pathology, where it works well and the ‘grey zone’. Review robustness, security and accessibility to cloud-based AI and machine-learning software.

Promoting pathology

Promote the value and complexity of pathology and pathologists. Use National Pathology Week and other events to educate healthcare colleagues on the varied and essential work undertaken by each of the specialties in pathology.

Infrastructure

Understand the technology and infrastructure that support work in pathology and where IT systems or equipment needs updating and/or replacing.

Data standards

Develop and implement assay-agnostic terminology standards that allow interoperability for both clinical and research applications with an aligned approach. Better data allows for better outcomes and evaluation of interventions.

Read next