The digital transformation of the UK National Health Service (NHS) has significantly optimised patient care by creating seamless links between hospital trusts, general practices and patients. While this interconnectivity offers many benefits, it has also introduced substantial cybersecurity risks. Cyberattacks on the NHS are becoming more frequent and sophisticated, yet much of the public attention and institutional focus remains on their effects on hospitals and secondary care services. Less recognised is the toll these attacks take on general practices, which form the backbone of the NHS. The ransomware incident involving Synnovis in June 2024 serves as a key example of how cyber threats can severely disrupt primary care operations, with consequences that extend well beyond the initial point of attack. 

 

Primary Care Disruption: An Overlooked Consequence 

Primary care services in the UK handle around 300 million patient consultations annually, making them a critical component of the national health infrastructure. However, their experiences during cyber incidents are rarely highlighted. The Synnovis ransomware attack targeted a major diagnostics provider linked to Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital. While much of the reporting focused on the delays to outpatient appointments and elective procedures in secondary care, 194 general practices in southeast London were also affected. 

 

These practices experienced significant disruption to pathology services, which play a vital role in diagnosing illnesses, monitoring chronic conditions and managing urgent health concerns. With laboratory systems locked down and hospital care prioritised, primary care providers faced major difficulties in obtaining timely blood test results. This situation impeded early diagnosis and the routine management of patients, forcing many general practitioners to delay treatment decisions or seek alternative solutions with limited resources. While no direct patient harm has been attributed to the event, the cumulative impact of postponed tests, delayed diagnoses and disrupted care pathways is likely to affect patient outcomes over time, particularly in cases involving cancer or deteriorating chronic conditions. 

 

Systemic Challenges and Under-reporting 

The Synnovis event was not the first major cyberattack to expose the NHS’s vulnerabilities. The 2017 WannaCry ransomware incident affected hundreds of general practices, yet few detailed assessments were conducted regarding its consequences for primary care. This lack of data highlights a broader issue of under-reporting and under-measurement. As health systems focus on high-profile, immediate disruptions in hospital settings, the downstream consequences in general practice often go unnoticed. 

 

This oversight is not just an issue of incomplete reporting but reflects a systemic imbalance in how healthcare resilience is conceptualised and implemented. In times of crisis, primary care providers often lack dedicated resources or structured support to maintain continuity of care. With limited capacity to respond to unexpected technological failures, many general practices operate at the edge of functionality during such disruptions. Furthermore, their digital infrastructure may not be as robust or as frequently updated as that of larger hospital trusts, increasing vulnerability to cyber threats. 

 


 

The cumulative impact of multiple small disruptions across general practices can be as damaging as a single large-scale incident in a hospital. Delays in patient referrals, breakdowns in diagnostic coordination and interruptions in chronic disease monitoring all have long-term implications for health outcomes and healthcare system efficiency. By failing to include primary care within the central cybersecurity strategy, resilience efforts remain incomplete.

 

Building Resilience Through Inclusive Policy 

In recent years, there has been a growing recognition of the need for enhanced cyber resilience across all sectors of the NHS. The National Cyber Security Centre’s Cyber Assessment Framework provides guidance for healthcare organisations to evaluate risks and improve security measures. In addition, the UK Government’s proposed Cyber Security and Resilience Bill seeks to strengthen the digital foundations of critical national infrastructure, including health services. 

 

While these initiatives mark an important shift in policy, their effectiveness depends on their reach and implementation. To date, primary care services have often lacked the investment and technical support required to meet emerging cybersecurity standards. As cyberattacks grow in complexity, often leveraging artificial intelligence and machine learning, smaller and less resourced healthcare providers face increasing exposure to threats they are ill-equipped to counter.

 

Addressing this issue will require a system-wide commitment to supporting cybersecurity in all parts of the NHS. This includes allocating funds specifically for general practice IT infrastructure, ensuring staff are trained to respond to cyber incidents and integrating primary care into emergency response protocols. Policymakers and NHS leaders must also prioritise data collection on the impacts of cyber incidents in primary care, enabling more accurate risk assessment and more effective planning. 

 

The under-reporting of cyberattack consequences in general practice parallels the broader pattern of underfunding and under-resourcing of primary care identified in recent NHS investigations. Just as efforts to improve patient outcomes must consider the entire care pathway, cybersecurity strategies must encompass all parts of the health system. Without such inclusive planning, gaps in protection will remain, undermining the broader goals of digital transformation and patient safety. 

 

Cyberattacks on healthcare systems have become a persistent threat, revealing critical weaknesses in digital infrastructure and emergency preparedness. Within the NHS, primary care providers are disproportionately affected by such incidents yet often remain outside the spotlight and support mechanisms available to hospital services. The Synnovis ransomware attack offers a compelling case study of how deeply a cyber incident can disrupt general practice, despite limited recognition in official records. 

 

For the NHS to achieve meaningful cyber resilience, a shift in focus is required. The response must move beyond hospital-centric strategies and account for the vulnerabilities, needs and contributions of primary care. This includes improving data collection, investing in infrastructure and embedding cybersecurity into the culture and operations of general practice. By doing so, the NHS can better protect all patients and providers in an increasingly digital healthcare environment. 

 

Source: The Lancet Digital Health 



References:

Rajput K, Darzi A & Ghafur S (2025) Overlooked and under-reported: the impact of cyberattacks on primary care in the UK National Health Service. The Lancet Digital Health: Online first. 


