INC Ransomware Targets Alder Hey and Liverpool Heart and Chest Hospital in a Cyberattack
A significant cyberattack has compromised the systems of Alder Hey Children’s Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust, resulting in a serious Alder Hey Children’s Hospital data breach.
The ransomware group, INC, known for targeting healthcare organizations, has claimed responsibility and published a sample of stolen data on the dark web. This alarming Alder Hey Children’s Hospital data breach includes sensitive patient information, spanning from 2018 to 2024.
The leaked data, according to INC, comprises names, addresses, medical reports, donation details, and other financial documents. Eleven screenshots showcasing this stolen information have been posted online, highlighting the severity of the Alder Hey Children’s Hospital data breach. The incident underscores the growing vulnerability of NHS trusts to sophisticated cyberattacks and the urgent need for enhanced cybersecurity measures.
Alder Hey Responds to the Data Breach
Alder Hey Children’s NHS Foundation Trust, responsible for one of Europe’s busiest pediatric hospitals, has acknowledged the incident and is actively working to verify the authenticity of the leaked data.
In a statement released on Thursday, Alder Hey stated: “We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are taking this issue very seriously and are working with the National Crime Agency (NCA) as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.”
The hospital has reassured the public that its services are operating normally and urged patients to attend their scheduled appointments. This assurance aims to mitigate any anxiety caused by the Alder Hey Children’s Hospital data breach. The hospital’s proactive response, involving collaboration with law enforcement and cybersecurity agencies, is crucial in addressing the immediate and long-term consequences of this incident.
National Response and Wider NHS Concerns
The National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are actively involved in the investigation, working closely with both hospitals to determine the full extent of the breach and mitigate its impact.
An NCA spokesperson confirmed their involvement, stating: “We are aware of an incident affecting Alder Hey Children’s Hospital and the Liverpool Heart and Chest Hospital. NCA officers are working alongside the National Cyber Security Centre and the hospital trusts to understand its impact.”
This incident is the latest in a series of cybersecurity incidents affecting NHS trusts in the past year. Recent attacks include a cyberattack at Wirral University Teaching Hospital NHS Trust, causing widespread system outages and forcing a reliance on pen-and-paper methods, and a ransomware attack on Synnovis, a pathology services provider, resulting in thousands of cancelled appointments.
The increasing frequency of these attacks highlights the vulnerability of the NHS to cyber threats and the need for robust cybersecurity infrastructure and protocols. The Alder Hey Children’s Hospital data breach serves as a stark reminder of this ongoing challenge. The scale of the data breach, involving sensitive patient information spanning several years, necessitates a thorough investigation to determine the extent of the compromise and to implement measures to prevent future incidents.
The collaboration between the hospital, the NCA, and the NCSC is essential in addressing this significant cybersecurity challenge. The incident also raises broader questions about data security within the NHS and the need for proactive measures to protect sensitive patient information.
