Skip to content

INC Ransom targets NHS Alder Hey Children’s hospital

  • by
  • 2 min read

Photo by Pixabay

Liverpool’s Alder Hey Children’s NHS Foundation Trust has found itself at the centre of a cybercrime storm, as notorious ransomware group INC Ransom claimed responsibility for a data breach. The group posted on this leak site, asserting that it had obtained sensitive data, including patient records, donor records, and procurement information spanning from 2018 to 2024.

The Trut promptly acknowledged the claim in a public statement, revealing that data purportedly linked to Alder Hey and the Liverpool Heart and Chest Hospital NHS Foundation Trust had been published online and circulated on social media.

Officials confirmed they are collaborating with the UK’s National Crime Agency (NCA) and other partners to assess the authenticity of the breach and its potential consequences, reports Infosecurity.

Alder Hey reassured patients that its services remain unaffected, emphasising that appointments should proceed as scheduled. “We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust,” the Trust said.

Cybersecurity researchers pointed out the possibility of INC Ransom exploiting CitrixBleed (CVE-2023-4966), a critical vulnerability discovered earlier this year in Citrix NetScaler ADC and Gateway appliances.

This exploit allows attackers to bypass multifactor authentication (MFA) and hijack user sessions, which INC Ransom frequently employs in prior attacks.

INC Ransom’s track record includes attacks on several UK public entities, raising alarms about the group’s persistent targeting of critical infrastructure. If confirmed, the Alder Hey branch would add to the growing list of ransomware incidents affecting healthcare providers — a sector already under significant pressure.

In April 2024, UnitedHealth confirmed that the threat actor stole data from more than 100 million American citizens. In India, over 7.24 TB of sensitive Star Health data was leaked on Telegram.

As investigations continue, Alder Hey is taking precautions to secure its systems.

In the News: X tests new label for parody accounts to curb impersonation issues

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>