Ransomware hackers continue their attack on National Health Service trusts across the UK by breaching multiple hospitals, leaking sensitive patient data and disrupting emergency services.
Inc Ransom, the prolific Russia-linked ransomware group that claimed responsibility for the attack on Scotland's NHS earlier this year, claims to have compromised Alder Hey Children's Hospital Trust, one of Europe's largest children's hospitals. are.
In a post on its dark web leak site, Inc Ransom claims to have stolen patient records, donor reports, and procurement data from Alder Hey from 2018 to 2024. A sample of the allegedly stolen data seen by TechCrunch includes records containing sensitive patient health information in addition to personally identifiable information such as dates of birth and addresses.
In a statement released on Wednesday, Alder Hey, which first confirmed the cybersecurity incident on November 28, said its “digital gateway service” used by several hospitals to access its systems was compromised by hackers. It was determined that there had been a violation of the law. This gave the hackers access to data belonging to the Children's Hospital, along with data from Liverpool Cardiothoracic Hospital and Royal Liverpool University Hospital, the statement said.
“The attackers claim to have extracted data from the affected systems,” Alder Hey said in a statement Wednesday. “We continue to take this matter seriously as the investigation continues into whether the attackers obtained sensitive data.”
Alder Hey said hospital services had not been affected and it was continuing to operate as normal, but warned that the attackers “may release data before the investigation is complete”.
Separately, Wirral University Teaching Hospital, located just a few miles from Alderhey, was also targeted by a ransomware attack, which was forced to declare a “major incident” last week after it took down its systems.
Wirral Teaching Hospitals manages a group of hospitals in the North West of England, including Arrow Park Hospital, Clatterbridge Hospital and Wirral Women's and Children's Hospital.
While the chaos caused by this cyberattack is still ongoing, major ransomware groups have yet to claim damage. In a statement posted on its website on Wednesday, Wirral Hospitals Trust said it was in the process of restoring its clinical systems, but some services “continue to be affected”.
“While urgent care is being prioritized, waiting times may still be longer than usual in emergency departments and consultation areas,” the trust said. “We urge all citizens to go to the emergency room only in cases of true emergencies.”
The NHS has long been an attractive target for ransomware hackers. Earlier this year, the health service was given a 'critical rating' after a cyber attack on pathology service provider Synovis led to a major data breach and caused months of disruption, including canceled surgeries and diversion of emergency patients. An incident has been declared. The Qilin ransomware group, which claimed responsibility for the attack, also leaked 400 gigabytes of sensitive data allegedly stolen from Synovis, including highly sensitive patient details.
The UK government has not commented on the attack, but last year it announced a five-pronged strategy aimed at making the NHS more resilient to cyberattacks by 2030. This comes just months after a cyberattack on IT service provider Advanced caused extensive damage. NHS services disrupted across the UK
The UK government has also announced that it will introduce a Cybersecurity and Resilience Bill to Parliament in 2025 that would require reporting of ransomware attacks.