Screenshots purporting to be from systems of Liverpool NHS health facility have been posted on dark web. A ransomware gang claims to have stolen data from the Alder Hey children’s hospital in Liverpool, allegedly including patient records.
The INC Ransom group said it had published screenshots of data on the dark web that contained the personal information of patients, donations from benefactors and procurement information.
Sources confirmed that snapshots of spreadsheets purporting to be from Alder Hey’s systems had been displayed on the INC site carrying the message “evidence of large scale data”. There were 11 screenshots, understood to contain names, addresses, medical reports and financial papers.
The Alder Hey children’s NHS foundation trust said it was aware of the alleged leak and was working to verify whether the data belonged to the hospital.
“We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest hospital NHS foundation trust. We are working with partners to verify the data that has been published and to understand the potential impact,” the trust said.
Alder Hey treats more than 450,000 patients a year making it one of Europe’s busiest children’s hospitals. It said its services were operating as normal and patients should continue to attend appointments.
The hospital said it was working with the National Crime Agency to secure its IT systems and that the alleged data theft was not linked to another “cyber incident” that occurred this week at the nearby Wirral university teaching hospital NHS trust.
Ransomware gangs typically operate out of Russia or former Soviet Union countries. They hack into their targets’ computer systems and cripple them by inserting malware into the network, extracting data at the same time. They then threaten to leak the stolen data online unless they receive a payment, usually demanded in bitcoin.
Last year, victims of ransomware attacks paid out a record $1.1bn (£866m) to assailants, according to the cryptocurrency research firm Chainalysis, double the 2022 total.
The INC ransomware gang first emerged in July 2023 and as of April this year its second most popular target was healthcare organisations, the majority of them based in the US. However it has also claimed victims in the UK and this year said it was responsible for an attack on NHS Dumfries and Galloway health board.
