Data published online following data breach at Alder Hey
- 2 December 2024
- Alder Hey Children’s NHS Foundation Trust has suffered a major data breach of its online systems that has seen confidential information published online and shared via social media
- The trust said it is working with the National Crime Agency as well as partner organisations to secure its systems and take further steps in line with law enforcement advice
- The attack on 28 November 2024 comes just days after another cyber attack in Merseyside on Wirral University Hospital NHS Foundation Trust, who declared a “major incident” on 25 November 2024
Alder Hey Children’s NHS Foundation Trust has suffered a data breach that has seen confidential information published online and shared via social media.
A statement posted on the trust’s website on 28 November 2024, said: “We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust.
“We are working with partners to verify the data that has been published and to understand the potential impact.
“We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.”
The attack comes just days after a cyber attack in Merseyside on Wirral University Hospital NHS Foundation Trust, which declared a “major incident” on 25 November 2024.
However in its statement Alder Hey said that its incident is not linked to the ongoing incident at Wirral University Teaching Hospitals and confirmed that services are operating as normal, and patients should attend appointments as usual.
Wirral University Teaching Hospitals said in a statement published on 28 November 2024 that they expected the major incident declared to continue over the weekend.
“The major incident was declared following a targeted cyber security issue and we are working hard to rectify the issue,” the trust said.
“After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread.
“This resulted in some IT systems being offline. We have reverted to our business continuity processes and are using paper rather than digital in the areas affected.”
The cyber attacks are the latest to disrupt NHS services, following a ransomware attack on pathology provider Synnovis in June 2024, which led to 10,152 acute outpatient appointments and 1,710 elective procedures being postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS FT, and at least five cases of moderate patient harm.
NHS Dumfries and Galloway was also hit by a cyber attack in March 2024, which led to hackers publishing stolen patient information on the dark web.
Despite these attacks, Mike Fell, executive director of national cyber security operations at NHS England, told Digital Health News that cyber attacks “have plateaued, if not are on a downward trend, particularly against the NHS”.
According to the Department of Science, Innovation and Technology (DSIT), the Cyber Security and Resilience Bill, which is due to be introduced to Parliament in 2025, will prevent attacks on the NHS.
In a statement published on 30 September 2024, the DSIT said: “This Bill will fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals.”
In September 2024, an updated cyber resilience framework for health and social care organisations was announced by the National Data Guardian and NHS England.
