Ransomware Attacks Continue to Target UK Hospitals, Exposing Sensitive Data

Ransomware attacks on National Health Service (NHS) hospitals across the United Kingdom have spiked, and the seriousness level of these breaches and disruptions to healthcare service delivery is at an all-time high. The notorious Russia-linked ransomware group, Inc Ransom, has taken responsibility for breaching Alder Hey Children’s Hospital Trust, one of Europe’s largest children’s hospitals, and exposing its sensitive patient data.

According to a new post on its dark web leak site, Inc Ransom claimed that it had extracted sensitive data ranging from patients’ records to donor data and procurement details at Alder Hey between 2018 and 2024. TechCrunch viewed extracts of the leaked data; these included detailed health-related information such as the patient’s medical history, dates of birth, address, and so on.

Alder Hey, which had acknowledged the breach on November 28, said hackers accessed its systems through a compromised “digital gateway service” used by several hospitals to communicate with each other. This also allowed the hackers to access data from other close-by hospitals, including Liverpool Heart and Chest Hospital and Royal Liverpool University Hospital.

Although Alder Hey has reassured the public that its hospital services continue to be operational and unchanged because of the breach, it fears that the stolen data might appear before the investigation currently under way is completed. The trust is currently looking into whether or not confidential information has been breached and continues to treat the situation very seriously.

A ransomware attack has also hit Wirral University Teaching Hospital, near the Alder Hey, causing its systems to be shut down. The hospital declared a “major incident” in response to the cyberattack. This particular attack, which has not yet been claimed by any ransomware group, has caused significant disruptions to the services of the hospitals. Even though clinical systems are being reinstated, some services will still be impacted, with longer waits expected in emergency departments and assessment areas. The hospital is asking the public to use emergency services only for true emergencies.

The NHS has been an ideal target for cybercriminals simply because of the large amount of sensitive information that it possesses. One such incident occurred this year when Synnovis, the pathology services provider, had to endure a massive data breach resulting from a cyberattack with months of disruption. The Qilin ransomware group, which boasted responsibility for the attack, stole and leaked 400 gigabytes of sensitive information belonging to patients, mainly including very confidential medical information.

The U.K. government has not issued an official statement regarding the recent attacks but had earlier announced a plan to strengthen the NHS’s cybersecurity. In 2023, the government released a five-pillar strategy to make the NHS cyber resilient by 2030. This plan came after a cyberattack in 2022 on Advanced, an IT service provider, which led to widespread disruptions in NHS services.

It further introduces the Cyber Security and Resilience Bill, that shall come into effect in 2025 mandating ransomware attacks’ reporting. The law has been a part of improving broader efforts on the improvement of cyber resilience in the country along with its vital public sector services including health care.

These recent cyberattacks prove that the NHS is still vulnerable to ransomware attacks and have brought to the fore the need for strengthening security measures. The ongoing targeted cyberattacks on health care institutions will continue to demand that patient data be safeguarded and services maintained uninterrupted, keeping NHS trusts, the UK government, and cybersecurity experts on high alert.

source: techcrunch