'Patient data leaked' after cyber attack on Alder Hey Children's Hospital
Alder Hey Children's Hospital is working with the National Crime Agency after data was stolen and illegally posted online. Alder Hey confirmed on Thursday, November 28 that it was aware data from systems shared by the children's hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust had been hacked and shared online.
Technology trade magazines have reported that a cyber criminal operation called the INC Ransom group claims to have stolen the data. It's been reported that the group have published screenshots of data on the dark web that contains the personal information of patients, donations from benefactors and procurement information.
The children's hospital said: "We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are working with partners to verify the data that has been published and to understand the potential impact.
READ MORE: 'WhatsApp messages' of firefighter and schoolgirl 'he had sex with'
READ MORE: CPS given file for criminal charges against police responder who hit and killed woman crossing road
"We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data."
Alder Hey said the incident was not linked to issues seen at Wirral University Teaching Hospitals NHS Foundation Trust earlier this week. The Wirral trust - responsible for Arrowe Park Hospital, Clatterbridge Hospital and Wirral Women and Children's Hospital - was the victim of a cyber attack on Monday, November 25.
Hundreds of appointments were cancelled and staff were forced to manually record notes as the systems holding records were down. In an update yesterday the hospital trust said it expected the issues to continue over the weekend with some procedures postponed. However, the Wirral trust said people were advised to continue to attend scheduled appointments unless told otherwise.
Despite the data breach, Alder Hey - which treats more than 450,000 patients a year making it one of Europe's busiest children's hospitals - said its services continue to operate as normal and "patients should attend appointments as usual".
Infosecurity Magazine reported INC Ransom had posted on its data leak site that it had obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from the children's hospital. ComputerWeekly added the cyber group claimed in March this year to have stolen data concerning over 140,000 clinical and back-office staff across the NHS in Scotland.