Alder Hey children’s hospital explores ‘data breach’ after ransomware claims

A ransomware gang claims to have stolen data from the Alder Hey children’s hospital in Liverpool, allegedly including patient records.

The INC Ransom group said it had published screenshots of data on the dark web that contained the personal information of patients, donations from benefactors and procurement information.

Sources confirmed that snapshots of spreadsheets purporting to be from Alder Hey’s systems had been displayed on the INC site carrying the message “evidence of large scale data”. There were 11 screenshots, understood to contain names, addresses, medical reports and financial papers.

The Alder Hey children’s NHS foundation trust said it was aware of the alleged leak and was working to verify whether the data belonged to the hospital.

“We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest hospital NHS foundation trust. We are working with partners to verify the data that has been published and to understand the potential impact,” the trust said.

Alder Hey treats more than 450,000 patients a year making it one of Europe’s busiest children’s hospitals. It said its services were operating as normal and patients should continue to attend appointments.

The hospital said it was working with the National Crime Agency to secure its IT systems and that the alleged data theft was not linked to another “cyber incident” that occurred this week at the nearby Wirral university teaching hospital NHS trust. 

Read full story

Source: The Guardian, 29 November 2024