Alder Hey children’s hospital confirms ransomware operators accessed its systems through a shared digital gateway, but is standing firm in the face of the gang’s demands
Liverpool’s Alder Hey Children’s NHS Foundation Trust has revealed that a shared service operated by itself and Liverpool Heart and Chest Hospital NHS Foundation Trust was the source of an INC Ransom intrusion that has impacted patient data at both hospitals, as well as Royal Liverpool University Hospital.
The attack, which came to light on 28 November, has seen data exfiltrated from the Trusts’ IT systems, but is not linked to a separate ransomware attack against Wirral University Hospitals NHS Foundation trust, which unfolded a few days earlier and has been linked to the RansomHub crew.
In an update shared on 4 December, Alder Hey said: “Criminals gained unlawful access to data through a digital gateway service shared by Alder Hey and Liverpool Heart and Chest Hospital.
“This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital.
The Trust said its investigation into exactly what data has been stolen is ongoing, and this may take some time. It warned that there was a possibility that the ransomware gang may publish the data before its investigation is complete, an indication that it is standing firm and resisting demands, as is public sector policy in the UK.
