Introduction
In late November, three NHS hospitals in Liverpool fell victim to a ransomware attack orchestrated by the Russian group INC Ransom. This cyberattack compromised sensitive data, prompting a coordinated response from various agencies to mitigate the impact and secure the affected systems.
Description
Three NHS hospitals in Liverpool—Alder Hey Children’s NHS Foundation Trust [1], Liverpool Heart and Chest Hospital [1] [2], and Royal Liverpool University Hospital—were targeted in a ransomware attack attributed to the Russian group INC Ransom. The breach was detected on 28th November and publicly disclosed on 4th December. The attackers claimed to have accessed sensitive data, including patient records [2], donor reports [2], and procurement information spanning from 2018 to 2024 [2], and have begun leaking this information on their Dark Web forum, providing screenshots as evidence.
Alder Hey Hospital is actively investigating the extent of the data breach [1], which reportedly occurred through a shared digital gateway service [2], while implementing security measures to safeguard its systems and prevent further unauthorized access. Despite the attack [1] [2], Alder Hey has assured that hospital services remain operational [2], and patients are encouraged to attend their appointments as scheduled.
Merseyside Police are working in conjunction with the British National Crime Agency and the National Cyber Security Centre to address the situation, and the Information Commissioner’s Office is also involved in the investigation [2]. Individuals affected by the breach are being notified [2], and Alder Hey has committed to transparency throughout the review process, acknowledging the risks associated with potential data publication [2].
Conclusion
The ransomware attack on Liverpool’s NHS hospitals underscores the critical need for robust cybersecurity measures in healthcare institutions. While the immediate focus is on mitigating the breach’s impact and securing systems, the incident highlights the ongoing threat posed by cybercriminals. Moving forward, it is imperative for healthcare providers to enhance their digital defenses and for authorities to continue developing strategies to prevent such attacks and protect sensitive data.
References
[1] https://www.cybersecurityintelligence.com/blog/british-nhs-hospitals-under-attack-8120.html
[2] https://www.halcyon.ai/attacks-news/ransomware-on-the-move-kairos-argonauts-ransomhub-akira
