Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A ransomware gang targets one of the largest children’s hospitals in Europe, though the hospital asserts no children’s data appears to be impacted.
The INC Ransom ransomware gang has listed Alder Hey Children’s NHS Foundation Trust as a victim on its darknet leak site and shared the medical records of several patients to prove the success of the hack.
The hackers listed the hospital on 28 November, with the hospital confirming the incident on 4 December.
“Criminals gained unlawful access to data through a digital gateway service shared by Alder Hey and Liverpool Heart and Chest Hospital,” the hospital said in an incident update on its website.
“This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital.”
Hospital services were unaffected by the hack, and patients were advised to attend appointments as normal.
“Work is continuing with the National Crime Agency to secure impacted systems and to take further steps in line with law enforcement advice,” the hospital said.
“We are also following guidance from the Information Commissioner’s Office and will ensure that anyone impacted by this data breach is contacted directly and supported.”
In a second update on 5 December, the hospital said that while some patient data appears to be impacted, “we do not believe the data published or accessed unlawfully relates to children and young people”.
However, while no children’s data appears to have been accessed, the documents that INC Ransom has already published include medical reports belonging to adult patients. The personal details include names, dates of birth, details of medical procedures and outcomes. Other documents include the personal details of hospital donors and their donations, cost improvement plans, and financial data.
According to the hackers, the documents date from between 2018 and 2024, and while the total amount of data exfiltrated has not been disclosed, INC Ransom said the breach included “large-scale data”.
INC Ransom has not listed a ransom demand nor a date when it will publish the full dataset.
Meanwhile, the hospital is continuing to investigate the incident.
“We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data. The investigation into the data may take some time, and there is a possibility that the attacker may publish the data before our investigation is concluded,” the hospital said.
Alder Hey Children’s NHS Foundation Trust is continuing to work with the UK’s National Crime Agency and the Information Commissioner’s Office.
“As soon as we are able to update on the impact to people’s data, we will provide a further update,” the hospital said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
