Just days after a serious cyber attack hit Wirral University Teaching Hospitals NHS Foundation Trust, Alder Hey Children’s NHS Foundation Trust in Merseyside is now facing its own major data breach. This incident reportedly has led to sensitive information being posted online and shared on social media.
While Alder Hey’s IT and security teams are investigating how extensive the breach is, Wirral University Teaching Hospitals continues its recovery efforts from last week’s attack. They’re implementing backup plans to maintain services over the weekend, which means staff are resorting to paper methods instead of their usual digital systems.
Alder Hey has a rich history, originally opened in 1914 as a workhouse. Now it stands as one of Europe’s largest children’s hospitals, handling everything from routine illnesses to highly specialized conditions. In 2015, the facility completed a significant upgrade, adding 270 beds, including 48 for critical care. Most recently, in January 2024, the hospital made waves by performing the world’s first Deep Brain Stimulation procedure for children using cutting-edge technology to treat dystonia.
However, following the leak of personal details, including patient records, it seems that the Inc Ransom cyber group has compromised systems shared by Alder Hey and the nearby Liverpool Heart and Chest Hospital. This same group claimed in March 2024 to have stolen information affecting over 140,000 NHS staff across Scotland. Reports indicate that the leaked details have made their way onto social media platforms.
In response to the breach, Alder Hey didn’t confirm the details but stated it is working closely with the National Crime Agency to investigate and assess the impact. They assured patients that operations remain normal and that appointments should go ahead as planned.
Alder Hey Trust emphasized the seriousness of the situation, highlighting their collaboration with the National Crime Agency and other partners to secure their systems while adhering to legal requirements for patient data. They reiterated that their incident isn’t connected to the ongoing situation at Wirral University Teaching Hospitals.
As for Wirral University Teaching Hospitals, the initial incident, reported on November 25, is suspected to be a ransomware attack. This event disrupted all clinical activity across multiple sites, including Arrowe Park and Clatterbridge Hospitals, which are critical for cancer care. The trust had to cancel surgeries and halt outpatient services, although emergency care remained functional. Staff found themselves locked out of IT systems, relying on manual processes to access patient information.
By November 28, the trust acknowledged that while efforts to resolve the issue were in full swing, disruptions were expected to continue into the weekend. A spokesperson clarified that they isolated their systems after detecting suspicious activity, preventing further spread. They reverted to backup processes, using paper in affected areas, and are working with national cyber security authorities to restore normal operations as soon as possible. Despite ongoing efforts, some scheduled appointments and procedures faced delays, and patients may experience longer wait times in the emergency department.