The trust was notified of the extent of the data theft by software provider Synnovis which has completed a review of the incident.

Dawn Scrafield, deputy chief executive for Mid and South Essex NHS Foundation Trust, said: ‘Records relating to patients who had a mixture of specialist diagnostic tests were affected. Some data is not directly linked to patients, so we are still waiting for confirmation on exact numbers. Once we have established who those patients are, we will be in contact with any who have been affected.'

The trust said patients tested after 3 June 2024 were not affected, although it was not yet able to determine the time period of the crime.

A Synnovis spokesperson said: ‘Upon conclusion of the forensic investigation, Synnovis was able to notify those organisations whose data was affected, a process that was completed by the end of November 2025.

 

‘UK data protection laws state that in the event of a data breach, it is the data controller, ie the healthcare provider, who is responsible for the data and so must be the one notifying any impacted patients. The timeline for any onward notifications is up to the affected organisation and is likely to be different for each organisation.'