Ransomware Gang Targets NHS Children’s Hospital

Ransomware gang INC Ransom claims Alder Hey breach, exposing patient data; hospital assures services unaffected, works with NCA investigation.

A ransomware group has claimed responsibility for a data breach involving Alder Hey Children’s Hospital in Liverpool and the Liverpool Heart and Chest Hospital NHS Foundation Trust, as reported by The Register.

The incident marks the second alleged intrusion on NHS systems in England this week, following a cyberattack on the nearby Wirral University Teaching Hospital NHS Trust, noted The Register.

The two incidents are reportedly unrelated, though their geographic proximity has raised concerns. INC Ransom, a group known for a similar attack on NHS Scotland earlier this year, claims to have stolen sensitive data from Alder Hey and Liverpool Heart and Chest, says The Register.

The stolen information allegedly includes patient names, addresses, medical records, donor information, and financial documents, with records dating back to 2018. The group has reportedly shared samples of the data online to pressure the hospitals into meeting its demands, says The Register.

The escalating threat aligns with warnings from the World Health Organization (WHO), which recently described ransomware as a “life-or-death crisis” for healthcare systems.

In a Security Council meeting, WHO Director-General Tedros Adhanom Ghebreyesus emphasized that such attacks cripple hospital functionality, endanger lives, and cost billions annually.

In a statement, Alder Hey confirmed it is aware of data being shared online and is working with the National Crime Agency (NCA) and other partners to verify its authenticity.

“We are taking this issue very seriously,” the hospital said, adding that its systems are being secured in line with law enforcement advice.

This incident comes amid an ongoing cyberattack on the Wirral NHS Trust, believed to be perpetrated by a rival group, RansomHub. While the Wirral attack has caused significant disruption, Alder Hey has assured the public that its operations remain stable, as reported by The Register.

Ransomware attacks on NHS organizations are not uncommon, but two incidents in the same region within a week are unusual, noted The Register.

Alder Hey, one of Europe’s largest and most prominent children’s hospitals, is a leader in medical research and pediatric care, making it a high-profile target.

The NCA has yet to comment on the investigation, and Alder Hey has urged patients and donors to remain vigilant as authorities work to assess the full impact of the breach.