Merseyside residents are dealing with a major disruption in healthcare services for a third day now, thanks to a cyber attack on Wirral University Teaching Hospitals NHS Foundation Trust.
The attack surfaced on November 25 and seems to have shut down clinical activities at various sites, including Arrowe Park and Clatterbridge Hospitals. Surgical procedures have been canceled, and outpatient services have been halted, though emergency care is still available. Staff members reported being locked out of their IT systems and struggling to access patient records, forcing them to rely on manual processes. The incident appears to resemble a ransomware attack.
On November 26, a Trust spokesperson said, “We declared a major incident for cybersecurity reasons, and this situation is ongoing. We’re working hard to fix the issue and have activated our business continuity plans. Patient safety is our priority. Some outpatient appointments are canceled, and we’ve contacted those patients directly. We apologize for any inconvenience and will reach out again to reschedule.”
They confirmed that maternity services continue as normal, with all antenatal and post-natal appointments proceeding as scheduled. They urged the public to attend the Emergency Department only for true emergencies and to seek non-urgent care through NHS 111, walk-in centers, urgent treatment centers, GPs, or pharmacists.
The National Cyber Security Centre and the Information Commissioner’s Office have been notified about the attack, but further details remain under wraps. Cybersecurity expert Jake Moore from ESET remarked, “Cyber attacks often create frustration and financial strain, but when they hit hospitals, they put lives at risk. Local health services often lack adequate funding and may use outdated software, making them easier targets.”
If the Trust is indeed a victim of ransomware, it fits a pattern where attackers target healthcare services, knowing these organizations are likely to pay ransoms. A survey from Semperis showed that 66% of global healthcare organizations had paid ransoms. Dan Lattimer from Semperis emphasized the need for hospitals to operate with the assumption that breaches will happen. He noted that ransomware not only disrupts operations but can also severely impact patient care.
Lattimer suggested that hospitals should identify their critical vulnerabilities and develop incident response plans. Given that cyber criminals often target identity systems to access sensitive data, he urged healthcare organizations to focus on strengthening their defenses and ensuring robust backups, especially for patient data.