Second Merseyside hospital hit by cyber attack

Just days after a major cyber attack on Wirral University Teaching Hospitals NHS Foundation Trust, another of Merseyside’s leading hospitals, Alder Hey Children’s NHS Foundation Trust, is reported to have suffered a major data breach of its online systems that purportedly has seen confidential information published online and shared via social media.

As authorities and IT teams at Alder Hey were assessing the veracity and extent of their breach, Wirral University Teaching Hospitals revealed that mitigation work and business continuity programmes implemented after its major incident, regarded at this moment as unconnected to Alder Hey, will continue over the weekend, with ongoing disruption to planned services and staff using paper-based resources rather than digital platforms.

Located just over four miles east of Liverpool city centre and originally created as a workhouse, providing care for the sick in 1914, Alder Hey Children’s NHS Foundation Trust describes itself as one of Europe’s biggest and busiest children’s hospitals, with treatment ranging from common illnesses to highly complex and specialist conditions.

In October 2015, the hospital unveiled the fruits of a major upgrade resulting in 270 beds, including 48 critical care beds for ICU, HDU and burns patients. In January 2024, in a world’s first for children’s medicine, it performed Deep Brain Stimulation (DBS) using a new advanced technology to help treat dystonia.

Following the publication of personal details, including patient records, on its leak site, the Inc Ransom cyber criminal operation – which in March 2024 claimed to have stolen data concerning over 140,000 clinical and back-office staff across the NHS in Scotland – appears to have breached systems shared by Alder Hey and nearby Liverpool Heart and Chest Hospital NHS Foundation Trust. The details are said to have been shared on social media platforms too.

In a statement concerning the alleged breach, the Alder Hey Trust did not confirm the veracity of the report and said it was working with the National Crime Agency to verify what had been published and to understand the potential impact, implementing mitigations if necessary. It wanted to assure patients and families that it was operating as normal, and that patients should attend appointments as usual.

An official statement added: “We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.”

Alder Hey also stressed that its incident was not linked to the ongoing incident across the Mersey at Wirral University Teaching Hospitals, which initially came to light on 25 November and is believed to have affected all clinical activity at multiple sites, including Arrowe Park and Clatterbridge Hospitals, specialist centres for cancer treatment.

After discovering the incident, which initial reports suggested resembled a ransomware attack, the Wirral trust was forced to cancel surgical procedures and turn away outpatients, although emergency care remains up and running. Staff members told local media that they had been locked out of their IT systems and were unable to access patient records, forcing them to resort to manual procedures.

In an update released on 28 November, the Wirral trust said that even though it was “working hard to rectify the issue,” it expected the ramifications to run over the coming weekend.

A Wirral University Teaching Hospital spokesperson said: “After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread. This resulted in some IT systems being offline. We have reverted to our business continuity processes and are using paper rather than digital in the areas affected. We are working closely with the national cyber security services and we are planning to return to normal services at the earliest opportunity.”

The trust said that while services continue to be available, there was still disruption to planned services and scheduled appointments, leading to some procedures being postponed. It was also likely that there would be longer than usual waiting times for unplanned treatment in its emergency department and assessment areas.