Single cyberattack impacted three Liverpool hospitals
All comes back to a shared digital gateway
The cyberattack that hit Alder Hey Children's NHS Foundation Trust last week impacted three different NHS organisations through a shared service.
As well as Alder Hey, Liverpool Heart and Chest Hospital (LHCH) and the Royal Liverpool University Hospital (RLUH) were both impacted.
The attack, which occurred on 28th November, targeted a shared digital gateway used by Alder Hey and LHCH.
Preliminary findings suggest that a small amount of data from RLUH was also compromised.
"Criminals gained unlawful access to data through a digital gateway service shared by Alder Hey and Liverpool Heart and Chest Hospital," the Trust said.
"This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children's NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital."
The Trust said it is working to uncover the full extent of the breach, which was announced last week, including the specific data that was accessed. However, the investigation is expected to take "some time," raising concerns that the attackers could release the data publicly in the interim.
The ransomware group INC, known for targeting healthcare organisations, has claimed responsibility for the attack.
Screenshots allegedly showing sensitive information extracted from the breached systems have already been published online. The leaked data includes a range of personal information, such as names, addresses, medical records and financial details.
The compromised data is believed to span from 2018 to 2024.
While the number of individuals affected remains unclear, Alder Hey reassured the public that hospital services, including patient appointments, are running normally.
The Trust also said impacted systems are being reconnected safely, with guidance from the Information Commissioner's Office (ICO) to address any legal and security implications.
The cyberattack follows a similar incident at Wirral's Arrowe Park Hospital on 25th November, which led to a major incident declaration.
The hospital faced major disruptions, including long A&E wait times and cancelled appointments. While the situation has been downgraded to a business continuity incident, some services remain affected as the hospital works to restore its systems.
Merseyside Police is collaborating with the National Crime Agency and National Cyber Security Centre to investigate the attacks and provide necessary support.
As the Liverpool hospitals work to recover from these incidents, patients are urged to only seek emergency care for urgent health issues.
"People's medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law," an ICO spokesperson said.
"Anyone who has concerns about how their information has been handled should raise it with the organisation first, then report them to us if they are not satisfied with the response."
It has been a difficult year for the NHS, with multiple trusts affected by cybersecurity incidents.
In June, a ransomware attack on Synnovis, a pathology services provider, led to the cancellation of thousands of appointments and procedures.
In March, the INC Ransom group claimed responsibility for the attack on NHS Dumfries and Galloway Health Board in Scotland, boasting possession of three terabytes of data obtained from board.