Supply chain hacks double as Marks & Spencer and NHS England suffer major breaches

Ana sayfa / News

Supply chain hacks are rising fast—and the consequences are getting more serious. In 2024, 30% of cyberattacks came through third-party vendors, according to the Financial Times. That’s double the number from the previous year. Major UK institutions, including Marks & Spencer and NHS England, were among those hit hardest, forcing regulators to tighten the rules.

Supply chain hacks disrupt Marks & Spencer operations

In April 2025, Marks & Spencer confirmed that one of its supplier systems had been compromised. The breach caused widespread disruption, halting online orders, delaying Click & Collect, and freezing gift card services. Logistics around food delivery were also impacted.

The fallout wasn’t small. M&S estimated a £300 million profit hit from the disruption. CEO Stuart Machin announced on July 1 that recovery was in progress, with most services expected to stabilize by August. By mid-August, Click & Collect and returns were back, but some product delays lingered.

NHS England links patient death to Synnovis hack

Meanwhile, the healthcare sector faced its own crisis. In June 2024, Synnovis, a pathology service provider for London NHS trusts, was hit with a ransomware attack. The incident, claimed by the Qilin group, shut down diagnostics and transfusion services, forcing thousands of appointment postponements.

A year later, UK officials confirmed the worst: the cyberattack contributed to a patient’s death, tied to delayed blood test results. It marked a rare and tragic example of how digital threats now directly endanger human lives.

Key supply chain hack impacts:

• £300M estimated loss at M&S
• Thousands of NHS appointments delayed
• Confirmed patient fatality linked to attack
• Retail and healthcare identified as top targets

Supply chain hacks force regulatory overhauls

Governments are now taking action. The EU’s NIS2 Directive, active since 2024, extends cybersecurity obligations to more critical sectors, including third-party providers. It mandates stronger supply chain oversight and tighter reporting protocols.

In the UK, a Cyber Security and Resilience Bill is on the table. It replaces the 2018 NIS regulations and brings managed service providers and data centres under direct scrutiny. New rules will also enforce more frequent breach reporting and place the burden of risk squarely on larger tech partners.

As attacks grow more targeted and damaging, the question isn’t whether supply chain hacks will happen—it’s how prepared organizations are when they do.