A major cyber security incident has been reported at Alder Hey Children's Hospital in Liverpool, as ransomware group INC Ransom claims to have stolen sensitive patient and organizational data.
The attack, disclosed on November 28, allegedly compromised patient records, donor information, and procurement data spanning 2018-2024 from the Alder Hey Children's NHS Foundation Trust.
Hospital administrators acknowledged the situation in an official statement, confirming that data allegedly obtained through illegal means has appeared online and on social media platforms. The compromised systems are reportedly shared between Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust.
The hospital is currently collaborating with the National Crime Agency to investigate the incident's scope and verify the authenticity of the leaked data. Hospital officials have assured that medical services remain operational, and patients should continue attending their scheduled appointments.
Security experts note that INC Ransom typically exploits CitrixBleed, a critical vulnerability in Citrix systems discovered in 2023. This security flaw enables attackers to bypass authentication measures and take control of user sessions.
Technical analysis suggests that a Citrix instance in Alder Hey's IT infrastructure has become unresponsive, possibly indicating defensive measures taken by the hospital's IT team during their investigation.
The Trust emphasizes its commitment to securing systems and protecting patient data, working closely with law enforcement agencies. Officials clarify that this incident is separate from another recent cyber event at Wirral University Teaching Hospital in the same region.
This attack adds to INC Ransom's history of targeting UK public institutions, raising concerns about the security of healthcare infrastructure and sensitive patient information.