The UK's National Health Service (NHS) is reeling from a series of ransomware attacks that have compromised multiple hospitals, exposing sensitive patient data and disrupting emergency services. The latest attack, claimed by the prolific Russia-linked ransomware group Inc Ransom, has breached the Alder Hey Children's Hospital Trust, one of Europe's largest children's hospitals.

Inc Ransom has claimed to have stolen patient records, donor reports, and procurement data spanning between 2018 and 2024 from Alder Hey. Samples of the alleged stolen data, seen by TechCrunch, include records containing sensitive health information on patients, along with personally identifiable information, such as dates of birth and addresses. The attack has raised concerns about the security of patient data and the potential consequences for those affected.

Alder Hey first confirmed the cybersecurity incident on November 28, stating that hackers had compromised a "digital gateway service" used by several hospitals to access its systems. This gave the hackers access to data belonging to the children's hospital, along with data from Liverpool Heart and Chest Hospital and Royal Liverpool University Hospital. The hospital trust has warned that there is a possibility that the attackers "may publish the data before our investigation is concluded."

In a separate incident, the Wirral University Teaching Hospital, located just miles from Alder Hey, has also been targeted by a ransomware attack. The attack, which has not yet been claimed by any major ransomware group, forced the hospital to declare a "major incident" after shutting down its systems. The disruption caused by the cyberattack is ongoing, with some services still affected and longer than usual waiting times in the Emergency Department and assessment areas.

The NHS has long been an attractive target for ransomware hackers, with previous attacks causing widespread disruption to services. Earlier this year, the health service declared a "critical" incident after a cyberattack on pathology services provider Synnovis led to a massive data breach and months of disruption. The Qilin ransomware gang, which claimed responsibility for the attack, also leaked 400 gigabytes of sensitive data allegedly stolen from Synnovis, including highly sensitive patient details.

The UK government has not commented on the latest attacks, but last year published a five-pillar strategy that aims to make the NHS more resilient to cyberattacks by 2030. The government has also announced plans to introduce the Cyber Security and Resilience Bill to parliament in 2025, which will mandate the reporting of ransomware attacks. However, the latest attacks highlight the need for urgent action to protect the NHS from these types of threats.

The attacks on the NHS hospitals serve as a stark reminder of the devastating consequences of ransomware attacks on critical infrastructure. As the healthcare sector continues to grapple with the challenges of cybersecurity, it is essential that hospitals and healthcare providers prioritize the protection of patient data and invest in robust cybersecurity measures to prevent such attacks in the future.

In the meantime, patients and healthcare professionals alike are left to wonder about the security of their personal data and the potential consequences of these attacks. As the investigation into the attacks continues, one thing is clear: the NHS must take immediate action to bolster its defenses against ransomware attacks and protect the sensitive data of its patients.