Search the hub

A cyber attack disabled alarm systems used by staff at a high-security psychiatric hospital, HSJ can reveal. West London Trust, which runs Broadmoor hospital in Crowthorne, Berkshire, is still trying to fix the system after an attack which it says took place in January. The facility was forced to use extra alarms, radios and staff “in order to respond to incidents in a timely fashion”, a trust board report from April said. High-secure hospitals are used for patients who have been detained under mental health legislation or present an immediate risk of harm to others, and have the same security arrangements as category B prisons. Staff have access to alarms for their safety and that of their patients. In a board report last week, West London Trust said clinical and operational services continued to operate with “minimal” disruption to patients. It said the organisation’s “cyber posture” would be enhanced to “limit the impact of future incidents”. Read full story (paywalled) Source: HSJ, 19 June 2025

The NHS has confirmed nearly 200 patients were harmed as a result of a major cyber attack last year. One year on from the ransomware attack that shut down the IT systems used by south east London’s pathology provider Synnovis, managers confirmed nearly 600 incidents, of which 170 involved patient care suffering. This includes one case of “severe” harm, which has prompted a patient safety incident investigation at King’s College Hospital Foundation Trust, 14 examples that were classed as “moderate”, and another 155 defined as “low harm”. The attack in June 2024 left GPs across six boroughs unable to order blood tests, and more than 1,000 inpatient procedures were cancelled at two large hospital trusts. The attack meant the pathology IT systems depended on by two of England’s biggest provider trusts – Guy’s and St Thomas’ and King’s College Hospital foundation trusts – and 192 GP practices were largely inoperable. Large quantities of tests in primary care were deferred or cancelled; and those carried out had to be sent to the pathology networks in north central and south west London. The hospitals were unable to carry out some procedures involving blood transfusion, including surgery, with many diverted to other providers. Some cancer treatments were also delayed or diverted, as well as some transplants and specialist maternity work. Read full story (paywalled) Source: HSJ, 18 June 2025

Two cyberattacks affecting the NHS last year put patients at risk of clinical harm, according to official data obtained by Recorded Future News. The data, recorded by the government under the Network and Information Systems (NIS) Regulations and obtained under the Freedom of Information Act, does not identify specific incidents but highlights the growing threat that financially motivated cyber incidents pose to public safety. It follows the head of the National Cyber Security Centre, Richard Horne, telling cybersecurity practitioners earlier this month that their work was “not just about protecting systems, it’s about protecting our people, our economy, our society, from harm.” One of the two incidents is likely to be the ransomware attack on pathology services provider Synnovis, which severely disrupted care at a large number of National Health Service (NHS) hospitals and care providers in London by delaying and cancelling operations and appointments. Criminals similarly disrupted care in an attack on Wirral University Teaching Hospital NHS Foundation Trust, causing delays to cancer treatments as reported by The Register. The government data records no incidents that led to excess fatalities or excess casualties, the two highest categories for NIS incidents. Two incidents, however, passed the threshold of the third category of causing potential clinical harm to more than 50 patients, with clinical harm defined as harm resulting from medical care or the lack of it. Patient safety concerns in England and Wales, potentially including concerns resulting from cyberattacks, are investigated by the Health Services Safety Investigations Body (HSSIB). HSSIB’s chief executive Dr Rosie Benneyworth told Recorded Future News that while the board hadn’t “carried out specific investigation work examining the impact of cyberattacks […] as expert independent investigators, we understand the impact of emerging risks, and we can see that there is potential with a cyber attack to make patient safety incidents more likely.” Read full story Source: The Record, 19 May 2025

Sensitive patient information has allegedly been leaked on the dark web after Genea, one of Australia’s leading IVF and fertility services providers, was hacked a fortnight ago. The attack was allegedly carried out by the Termite ransomware group, prompting Genea to obtain a court injunction on Wednesday that criminalises access to the breached patient data. In a statement, Genea said: “Our ongoing investigation has established that on the 26 of February, data taken from our systems appears to have been published externally by the threat actor.” “We understand that this development may be concerning for our patients for which we unreservedly apologise.” Sensitive information including contact details, Medicare card numbers, medical histories, test results and medications may have been compromised in the data breach, Genea said, and it was “working to understand precisely what data has been published”. Read full story Source: the Guardian, 26 February 2025

A major private provider of NHS services has been hit by a cyber attack, taking down its network and potentially breaching patient data. HCRG Care Group, which was formerly Virgin Care, confirmed it was looking into claims made by a ransomware group that more than two terabytes of sensitive information had been breached. HCRG provides community services for the NHS in Kent, Surrey and Bath, North East Somerset, Swindon and Wiltshire. An HCRG spokesperson said: “We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility. Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident. ”We have informed the [Information Commissioner] and regulators and are keeping them updated on our investigation. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.” Read full story (paywalled) Source: HSJ, 20 February 2025

Two recent cyber attacks that cost the NHS millions of pounds and led to patients’ data being published online could have been mitigated with basic security measures, an integrated care board has found. Wirral University Teaching Hospitals Foundation Trust was hit by a “targeted” cyber attack in November, which lasted about nine days, then three other trusts in Merseyside were hit in early December in an unconnected incident. WUTH was forced to take its Cerner electronic patient record system offline, while some activity was either cancelled or rescheduled, which the trust has confirmed amounted to a loss of around £3m. A report to its board said its cancer performance “will take months to recover”. In an update to ICB executives, chief digital information officer John Llewellyn said: “The incidents above may have been mitigated if core cyber security standards had been adhered to… There are still significant gaps in compliance with basic security standards in multiple organisations which, in turn, lead to vulnerabilities for all organisations because of the interconnected/cross organisational patient flows, clinical services (such as pathology and imaging) and supporting digital infrastructure and clinical systems. “These are just examples, however, and there are many other technical aspects to cyber risk that need to be shared, understood and proactively managed in order to manage and mitigate these as effectively as possible.” Read full story (paywalled) Source: HSJ, 6 February 2025

A cyber attack has forced a US non-profit blood donor centre to postpone appointments despite declaring blood shortages just one week earlier. New York Blood Center Enterprises announced that it had “identified suspicious activity” affecting its IT systems on on 26 January 2025. In a statement, published on 29 January, it said: “We immediately engaged third-party cybersecurity experts to investigate and confirmed that the suspicious activity is a result of a ransomware incident. “We took immediate steps to help contain the threat and are working diligently with these experts to restore our systems as quickly and as safely as possible. Law enforcement has been notified.” On 1 February and 2 February 17 blood drives were cancelled as a result of the cyber attack. The centre, which is the largest independent blood supplier in the New York City area, confirmed that although it is still accepting blood donations, “processing times may be longer than normal”. There is no estimated timetable for fully restoring its operations. The attack echoes the ransomware attack on NHS pathology provider Synnovis in June 2024, which led to NHS Blood and Transplant urgently calling for donations of O Positive and O Negative blood to boost stocks. Read full story Source: Digital Health, 3 February 2025

The European Commission has introduced an action plan to strengthen the cybersecurity of hospitals and healthcare providers across the European Union (EU). The initiative includes creating a pan-European Cybersecurity Support Centre, managed by the European Network and Information Security Agency, to address the rising number of cyber threats targeting healthcare institutions. In 2023 alone, 309 significant incidents were reported in healthcare, more than in any other critical sector. “The healthcare sector faces the highest proportion of high-impact cybersecurity incidents,” Robin van Kessel, PhD, a Hoffmann fellow in health system financing and payment models at the London School of Economics, London, United Kingdom, and the World Economic Forum, told Medscape Medical News. This disproportionate impact reflects the fact that healthcare organisations store a large amount of sensitive patient data, including medical histories, diagnoses, and treatment information. Cyberattacks on healthcare systems can disrupt critical medical services, thus causing potentially severe consequences for patient care and safety. Read full story Source: Medscape Medical News, 27 January 2025

At least two patients have suffered long-term or permanent damage to their health as a result of the cyber attack on NHS pathology provider Synnovis, latest figures have revealed. The ransomware attack on the 4 June 2024, caused widespread disruption to NHS services in London, with 10,152 acute outpatient appointments and 1,710 elective procedures postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. Initial figures released by NHS South East London Integrated Care Board (ICB) in November 2024, recorded five cases of moderate harm and 114 cases of low harm as a result of the attack, but did not report any cases of serious harm. However, NHS data obtained by Bloomberg News revealed that healthcare professionals across at least four London boroughs recorded two cases of severe harm, 11 cases of moderate harm, and more than 120 cases of low harm as a direct consequence of the cyber attack. Responding to the latest figures, Helen Hughes, Chief Executive at Patient Safety Learning, told Digital Health News: “This latest update highlights the significant risks to patient safety posed by cyber attacks. These events not only disrupt care and treatment but can result in serious avoidable patient harm." “When cyber attacks occur, healthcare providers need to be vigilant of risks to the safety of vulnerable patients from delays to care and treatment." “They should also have robust plans to recover services, prioritising patient safety, and must ensure that there are appropriate escalation routes to minimise future harm.” Read full story. Source: Digital Health, 23 January 2025

Fraudsters have stolen more than £100m from the NHS in the past five years, exploiting weaknesses in IT systems to commit crimes ranging from stealing credit card data to hacking supplier emails, The Independent can reveal. Scams have cost the NHS the equivalent of funding more than 2,000 senior nurses’ salaries for a year or providing over 20,000 rounds of radiotherapy for cancer patients. Experts warned that the “inexcusable” losses, revealed as part of an Independent investigation, were ones the already overstretched health service can “ill afford”, calling for the NHS to protect itself better against fraud. Read full story Source: The Independent, 31 December 2024

Cyber security teams are investigating the fifth suspected attack on the NHS to have taken place last week. HSJ can reveal Medway Community Health shut down some systems last week after suspicious activity. The incident comes after declared cyber incidents at Alder Hey Children’s Foundation Trust, Royal Liverpool University Hospital and the Liverpool Heart & Chest Hospital last week. Last week also saw the end of an incident from a fortnight ago at Wirral University Teaching Hospital FT. The three NW trusts with an ongoing incident last week said in a statement: “Criminals gained unlawful access to data through a digital gateway service hosted by Alder Hey. This digital gateway is shared by Alder Hey and Liverpool Heart and Chest Hospital. “This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital. We have launched an investigation which is still ongoing to determine the full facts around what data has been obtained unlawfully.” The trusts would not confirm how many patient records had been accessed online, but said “we do not believe the data published or accessed unlawfully relates to children and young people”. Read full story (paywalled) Source: HSJ, 9 December 2024

A ransomware gang claims to have stolen data from the Alder Hey children’s hospital in Liverpool, allegedly including patient records. The INC Ransom group said it had published screenshots of data on the dark web that contained the personal information of patients, donations from benefactors and procurement information. Sources confirmed that snapshots of spreadsheets purporting to be from Alder Hey’s systems had been displayed on the INC site carrying the message “evidence of large scale data”. There were 11 screenshots, understood to contain names, addresses, medical reports and financial papers. The Alder Hey children’s NHS foundation trust said it was aware of the alleged leak and was working to verify whether the data belonged to the hospital. “We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest hospital NHS foundation trust. We are working with partners to verify the data that has been published and to understand the potential impact,” the trust said. Alder Hey treats more than 450,000 patients a year making it one of Europe’s busiest children’s hospitals. It said its services were operating as normal and patients should continue to attend appointments. The hospital said it was working with the National Crime Agency to secure its IT systems and that the alleged data theft was not linked to another “cyber incident” that occurred this week at the nearby Wirral university teaching hospital NHS trust. Read full story Source: The Guardian, 29 November 2024

NHS England is planning to develop a platform for assessing and managing the cyber risk in healthcare organisations. It has indicated that it is preparing to publish a tender document for a cyber risk rating platform, and has ran a market engagement event with potential suppliers on its plans. It said the platform would enable NHS organisations to better understand their security posture and how to mitigate potential threats that could impact on their operational activities, including the availability and management of patient data. The move reflects the increasing focus on cyber security in the NHS. In September NHS England announced a plan to adopt the Cyber Assessment Framework as its main mechanism for assuring relevant standards, and in October the Government’s Budget provided £2 billion for technology in the health service with an indication that this should include spending on cyber security. NHS England also publishes cyber alerts for organisations in the sector. Read full story Source: UK Authority, 27 November 2024

A major incident has been declared at a hospital "for cyber security reasons". In a statement on their website, Wirral University Teaching Hospital said the ongoing incident at the Trust is likely to impact performance at Arrowe Park Hospital in Wirral. The hospital has asked people to only attend the hospital if they have "a genuine emergency". “The Trust business continuity processes are in place and our focus remains on maintaining patient safety," a hospital spokesperson said. The statement added: “However, this issue is likely to result in longer waits in the emergency department and assessment areas. “Please only attend the emergency department if you have a genuine emergency. “If it’s not an emergency, please visit 111, use a walk-in centre, an urgent treatment centre, a GP or pharmacist." Read full story Source: BBC News, 26 November 2024

The cyber attack on NHS pathology provider Synnovis caused at least 119 incidents of patient harm, including at least five cases of “moderate” harm, according to figures provided by South East London Integrated Care Board (ICB). Healthcare services in London were disrupted by the attack in June 2024, with an NHS London update on 4 October showing that 10,152 acute outpatient appointments and 1,710 elective procedures were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS FT. South East London ICB told Digital Health News that of 498 patient safety incidents linked to the attack, 114 were deemed to have caused “low harm” and five at Guy’s and St Thomas’ caused “moderate” harm. There are also 91 related patient safety incidents being reviewed – 67 at King’s College Hospital and 24 at South London and Maudsley NHS Foundation Trust. Helen Hughes, chief executive of Patient Safety Learning, told Digital Health News: “In addition to these recorded cases of harm, this incident may have resulted in further patient harm that is more difficult to capture. “Disruption caused by cyber attacks often results in significant delays to care and treatment, with longer waits having a particularly serious impact on patients with chronic conditions and worsening health. “The impact of these delays will only be seen over time.” Read full story Source: Digital Health, 12 November 2024

A cyber attack which crippled a region’s pathology system for three months caused only five cases of “moderate” harm and no significant harm, the NHS has claimed. The Synnovis cyber attack in June left GPs across six boroughs in London unable to order blood tests, and more than 1,000 inpatient procedures were cancelled at two large hospital trusts. But South East London Integrated Care Board said this week 498 incidents linked to the attack had been assessed, and all of them were judged to have done either “no harm” or “low harm” — except for five at Guy’s and St Thomas’ hospitals, which were assessed as “moderate” harm. The NHS’s incident response process judges “moderate” harm as where a patient “did not need immediate life-saving intervention” but needed or is likely to need other follow-up care. It is also triggered by them limiting a patient’s independence for less than six months or “affect[ing] the success of treatment, but without meeting the criteria for reduced life expectancy or accelerated disability.” Read full story (paywalled) Source: HSJ, 30 October 2024

Two ambulance trusts have been left without a working electronic patient care record system for a week after a cyber attack affecting its Swedish-based supplier. Staff at South Western Ambulance Service Foundation Trust and South Central Ambulance Service FT have been working on paper since the MobiMed system – supplied by the firm Ortivus – went down last Tuesday. More than 1,700 ambulances and clinical workstations use the system, according to the company. One employee told HSJ some staff were struggling with a paper-based system which meant they had less information on patients. ”We can’t do summary care record searches or see previous call information,” the staff member said. SWASFT sent a message to staff on Friday saying the system was likely to be down “for a prolonged period”. Read full story (paywalled) Source: HSJ, 25 July 2023

A hacker group is in possession of at least a “small number” of patients’ data following a cyber-attack, NHS Dumfries and Galloway has said. Reports emerged on Wednesday of a post by the group Inc Ransom on its darknet blog, alleging it was in possession of three terabytes of data from NHS Scotland. The post included a “proof pack” of some of the data, which has been confirmed by the board to be genuine. The chief executive of the NHS board, Jeff Ace, said in a statement: “We absolutely deplore the release of confidential patient data as part of this criminal act. “This information has been released by hackers to evidence that this is in their possession. We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish government and other agencies in response to this developing situation.” Patients whose data has been leaked will be contacted by the board, he said, while patient-facing services would continue as normal. Read full story Source: The Guardian, 27 March 2024

At least half of all integrated care systems lack a plan to defend the services they oversee from a cyber attack, HSJ has discovered. Integrated care systems are responsible for bolstering the cyber resilience of the organisations in their area. This includes having a “system-wide plan for maintaining robust cyber security”. However, research by HSJ has found that only ten ICSs would confirm they had such a plan. Twenty-six ICSs admitted they did not have a plan in place, while six systems did not respond to HSJ’s inquiries. See the end of the story for the full list. Of those without a plan, only 10 said they were developing one. NHS England had initially asked each ICS to submit draft cyber security strategies by the end of May, before sending final versions by the end of September but is now thought to be drawing up new timelines. Some regions appear particularly exposed. All four ICSs in the North East and Yorkshire region admitted they did not have a cyber security plan, while no ICS in either the London or South East region could confirm they did. An NHSE spokesman told HSJ it was “vital” that ICSs have “robust plans in place to manage the specific cyber risks in their local areas to protect patient data and systems”. Read full story (paywalled) Source: HSJ, 15 January 2024