December 5, 2024 at 07:31AM
NHS trusts in Wirral and Liverpool are recovering from separate cyberattacks. NHS Wirral downgraded its incident status; systems are still being restored, causing longer wait times. Alder Hey Children’s Hospital confirmed a data breach, with attackers posting personal information online, while investigations are ongoing. Ransom payments are not anticipated.
**Meeting Takeaways: Cyberattacks on NHS Hospitals**
1. **Current Status of Attacks**:
– NHS Wirral University Teaching Hospital is in recovery from a cyberattack, downgrading from a “major incident” to a “business continuity incident.” Services are still affected, and patients with outpatient appointments should attend as scheduled.
– Liverpool hospitals, including Alder Hey Children’s Hospital, are managing an attack claimed by the group INC Ransom, affecting their systems through an unspecified digital gateway service.
2. **Impact on Services**:
– Alder Hey is actively investigating the breach, which led to personal data exposure. While all services are still operational, longer wait times in the Emergency Department are anticipated due to system restoration efforts.
– NHS Wirral has reverted to manual (pen and paper) operations during the recovery.
3. **Data Breach Investigation**:
– Alder Hey has confirmed that data, including sensitive information of donors and patients, was unlawfully accessed and allegedly posted online. The full extent of the data breach is still being ascertained.
– The investigation is ongoing, with the possibility of further data publication before the completion of their inquiry.
4. **Response Measures**:
– Both trusts are working with law enforcement agencies. Alder Hey is collaborating with the National Crime Agency to secure targeted systems and block further unauthorized access.
5. **Ransom Payment Policy**:
– The NHS has a long-standing policy against paying ransoms, maintaining that there have been no reported payments since the 2017 WannaCry incident. It is unlikely INC Ransom will receive ransom payments.
6. **Ongoing Communication**:
– Trusts will provide additional updates regarding the data breach as investigations continue, adhering to regulations from the Information Commissioner’s Office.
These takeaways summarize the current situation regarding the cyberattacks on NHS hospitals, highlighting the impact on services, responses, and the ongoing investigations related to data security.