.png)
1 month ago
11
A ransomware gang claims to have stolen data from the Alder Hey children’s hospital in Liverpool, allegedly including patient records.
The INC Ransom group says it has published screenshots of data on the dark web that contain personal information of patients, donations from benefactors and procurement information.
Sources confirmed that snapshots of spreadsheets purporting to be from Alder Hey’s systems have been displayed on the INC site carrying the message “evidence of large scale data”. There are a total of eleven screenshots, which are understood to contain names, addresses, medical reports and financial papers.
The Alder Hey children’s NHS foundation trust said it was aware of the alleged leak and was working to verify whether the data belonged to the hospital.
“We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest hospital NHS foundation trust. We are working with partners to verify the data that has been published and to understand the potential impact,” said the trust.
Alder Hey, which is one of Europe’s busiest children’s hospital, treating more than 450,000 patients each year, added that its services were operating as normal and patients should continue to attend appointments.
The hospital said it was working with the National Crime Agency to secure its IT systems and that the alleged data theft was not linked to another “cyber incident” that occurred this week at the nearby Wirral university teaching hospital NHS trust. The NCA has been contacted for comment.
Ransomware gangs typically operate out of Russia or former Soviet Union countries. They hack into their targets’ computer systems and cripple them by inserting so-called malware into the network, extracting data at the same time. They then threaten to leak the stolen data online unless they receive a payment, usually demanded in bitcoin.
Last year, victims of ransomware attacks paid out a record $1.1bn to assailants, according to the cryptocurrency research firm Chainalysis – double the 2022 total.
Healthcare organisations are frequently targeted by ransomware gangs. In June, two major hospital trusts in London were disrupted by a ransomware attack that disrupted operations and also accessed 300m patient interactions including the results of blood tests for HIV and cancer.
The INC ransomware gang first emerged in July 2023 and as of April this year, its second most popular target was healthcare organisations, with the majority originating in the US. However it has also claimed victims in the UK and this year said it was responsiblle for an attack on NHS Dumfries and Galloway health board.
Rafe Pilling, director of threat research at the cybersecurity firm Secureworks, said a partial leak of data was typical of ransomware gangs’ attempts to secure a payment.
“This is an attempt to apply pressure to the organisation,” he said.
A senior NHS official said that its individual trusts were advised not to pay ransoms and instead work with the NCA to respond to any demands from attackers.
