Merseyside hospital declares ‘major incident’ after apparent cyberattack

Patients sent home from emergency department as staff say ‘everything is down’

Image source: Rept0n1x, Wikimedia

Arrowe Park Hospital in the Wirral, Merseyside, declared a "major incident" on Monday evening.

Local paper the Liverpool Echo reports that an internal email sent to staff said the cause is a "cyber incident".

On Monday evening, people were asked to avoid attending the hospital's emergency department unless they had a genuine medical emergency, with one patient reporting that non-urgent cases were being asked to go home and come back the next day.

A staff member told Echo reporters: “Everything is down. Everything is done electronically so there’s no access to records, results or anything so we are having to do everything manually, which is really difficult. The damage is huge.”

A notice on the website of the Wirral University Teaching Hospital, which uses the Arrowe Park premises, says: “A major incident has been declared at the Trust for cyber security reasons.

“Our business continuity processes are in place, and our priority remains ensuring patient safety. All outpatient appointments scheduled today are cancelled. We apologise for any inconvenience and we will contact our patients as soon as possible to rearrange.

“We urge all members of the public to attend the Emergency Department only for genuine emergencies. For non-urgent health concerns, please use NHS 111, visit a walk-in centre, urgent treatment centre, your GP, or pharmacist.”

Merseyside police have said they are not investigating the incident.

If the incident does turn out to be a cyberattack, it will be the latest in a string of such breaches targeting medical facilities.

In the summer, London's healthcare system was thrown into crisis after a major cyberattack crippled key pathology provider Synnovis, forcing two NHS trusts to cancel all non-emergency operations and blood tests and leading to Russian threat group Qilin leaking sensitive data onto the web.

In 2021, the Irish Health Service Executive (HSE) suffered a devastating ransomware attack by the Conti gang, which encrypted critical systems, again with sensitive data being published. In both cases the damage took months to rectify.

Commenting on the apparent attack on Arrowe Park Hospital, Trevor Dearing, director of critical infrastructure at security vendor Illumio, said: "Hospitals are prime targets for cyberattacks due to the massive disruption they can cause—and as more connected devices and open Wi-Fi networks emerge, these attacks will only grow.

"In the case of Arrowe Park, it is positive to see business continuity plans in place, but any compromise to patient services can put lives at risk. It’s vital that all hospitals focus on reducing the impact of attacks by building containment capabilities to reduce the impact on critical services."

The UK government warned this week about the looming threat of Russian cyberattacks, saying Moscow could exploit its expanding cyber capabilities to strike critical infrastructure and businesses in the UK and other NATO member states.