Ransomware Targets UK Hospitals: Data Breaches and Service Shutdowns Reported

Crucial data from multiple hospitals across the UK has been compromised in the past few weeks. Russian ransomware group, Inc Ransom, claimed responsibility for two of the attacks. 

This series of cyberattacks kicked off with Alder Hey Children’s. They confirmed the attack on November 28th in a security advisory. Wirral University Teaching Hospital (WUTH) was also hit around the same time, as mentioned in their incident report. However, it is believed that the two incidents are separate. 

While Alder Hey has yet to confirm, the stolen data may include patient records, donor reports, and procurement data from 2018 to 2024. Inc Ransom, a group of Russian Hackers, claimed responsibility for the attacks. TechCrunch reported that samples of this alleged stolen data have surfaced on the dark web, including patient records containing sensitive health information and identifiable information like date of birth and address. 

In their statement report, Alder Hey Children’s stated: “We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice and our statutory duties relating to patient data.”

However, in a second statement published on Wednesday, Alder Hey determined that the hackers compromised a “digital gateway service” used by multiple NHS hospitals. This also gave hackers access to data from Royal Liverpool University Hospital and Liverpool Heart and Chest Hospital. Again, in this statement, Alder Hey reassured, “We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data.”

Alder Hey claims that its services are unaffected and run normally despite the severe nature of the attack. WUTH, on the other hand, had to declare a major incident and shut down its systems. It is trying to restore the systems, but it acknowledged that some services will “continue to be affected.” 

This is not the first time that Inc Ransom has targeted the NHS. According to HackRead, in March of 2024, the group attacked NHS Scotland, stealing three terabytes of patient data.

While the UK government has not commented, it published a strategy last year to make the NHS more resilient to cyberattacks and proposed introducing the Cyber Security and Resilience Bill to parliament in 2025. 

Leave a Comment