Two London hospital trusts have been forced to cancel all non-emergency operations and blood tests following a “major” cyber attack.

Pathology systems at Kings College Hospital Foundation Trust and Guy’s and St Thomas’ Hospitals Foundation Trusts and GP services across South London, have been hit by a ransomware attack, according to emails seen by The Independent.

Synnovis is the supplier of blood tests, swabs, bowel tests and other services for hospitals serving NHS patients across six London boroughs.

The supplier covers Guy’s Hospital, which runs children’s hospital the Evelina, Harefield Hospital, King’s College Hospital, Princess Royal University Hospital, Royal Brompton Hospital and St Thomas’ Hospital.

Synnovis warned the NHS trusts on Monday that it had been hit by a major malware attack, impacting tens of thousands of patients, according to sources close to the hospitals.

In a second email on Tuesday, seen by The Independent, it confirmed it has been hit by a ransomware attack.

GPs have been told to cancel all non-emergency pathology appointments, while hospital staff have been told to request emergency blood samples only for patients who require transfusions.

The National Cyber Security Center is now involved, while NHS England has declared a level three incident – the second highest alert level.

In a message to staff on Monday, Guy’s and St Thomas’ said: “Synnovis, the pathology provider for both King’s and Guy’s and St Thomas’, informed us of a major incident with ICT systems.”

A senior NHS source told The Independent that transplants have been impacted as patients cannot have their blood tests crosschecked and that healthcare leaders in London have been warned the incident could take “weeks or months” to resolve.

In a separate message, Synnovis said there would be delays for patients receiving results, and GPs have been asked to cancel all non-urgent blood test appointments.

“Given the nature and magnitude of this attack, this is an evolving situation,” it said.

The emails say it is unclear how long the issue will last.

In the second email, Synnovis told staff: “This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions affect.

“This incident is being reported to law enforcement and the Information Commissioner, and we are working with the National Cyber Security Centre and the Cyber Operations Team.”

The National Cyber Security Centre and the National Crime Agency have been contacted for comment.

A government spokesperson said: “The Department of Health and Social Care, NHS England and the National Cyber Security Centre are working together to investigate a cyber incident affecting a number of NHS organisations in South East London.

“Patient safety is our priority and support is being offered to the impacted organisations.”

A spokesperson for NHS England London region said: “On Monday 3 June Synnovis, a provider of lab services, was the victim of a ransomware cyber attack.

“This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in south east London and we apologise for the inconvenience this is causing to patients and their families.

“We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.”

It said emergency care continues to be available so patients should access services in the normal way.

This story was updated with a response from NHS England and the government, and at 16:14 following new information received by The Independent regarding the nature of the cyber attack.