The INC Ransomware-as-a-Service operator has claimed to be behind attacks on hospitals in Merseyside.

Both the Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust were claimed to have been compromised by INC Ransom, after the ongoing intrusion at the Wirral University Teaching Hospital NHS Trust was initially disclosed.

Attacks on NHS

According to The Register, INC Ransom has claimed responsibility for an attack on NHS Scotland in June this year, now claims to have stolen data from Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust.

This involves stealing patients' and donors' full names and addresses, as well as the former's medical reports and financial files and the latter's donation amounts for the past six years. The cyber-criminals said the data goes back to 2018 and runs right up to 2024.

In a statement issued on Thursday, Alder Hey said: "We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are working with partners to verify the data that has been published and to understand the potential impact.

"We are taking this issue very seriously and are working with the National Crime Agency (the NCA) as well as partner organizations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data."

Troves of Data

William Wright, CEO of Closed Door Security, said: “In the last year, criminals have compromised several NHS trusts, which have put troves of patient data at serious risk and highlighted the vulnerability of the UK's healthcare service.

“Unlike assaults on enterprises, attacks on the NHS are generally not motivated by money. The UK government has been very public in its commitments to not pay ransomware actors, and it’s highly unlikely they are going to back down on this. Given the minimal chance of receiving a payout, this suggests this attack has been executed with destructive motives.

"We don’t know how the criminals gained access to Alder Hey, but the incident does act as a reminder that all organisations are targets for criminals, but it’s not always just about making lots of money.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.