Headline
NHS Ransomware Attack: Russian INC Ransom Gang Steals Patient Data
INC Ransom, a Russian-leanguage ransomware group has claimed responsibility for the ransomware attack on two NHS, hospitals.
****SUMMARY****
Ransomware Hits NHS: Alder Hey Children’s and Liverpool Heart and Chest NHS Foundation Trusts, along with Wirral University Teaching Hospital, were targeted in ransomware attacks, causing significant disruptions.
Russian Group Claims Responsibility: The INC Ransom gang has taken responsibility for two of the attacks, leaking sensitive patient data, including names, addresses, and internal hospital files.
Patient Services Impacted: Routine procedures and appointments have been delayed, with hospital staff resorting to manual record-keeping to maintain operations.
Investigations Underway: The National Crime Agency and NHS Digital are probing the attacks, with early reports suggesting vulnerabilities in IT systems were exploited.
Data Security Concerns: The incidents have sparked renewed fears about patient data privacy, drawing parallels to the infamous WannaCry ransomware attack of 2017.
A series of ransomware attacks have hit multiple NHS hospitals in the UK, causing major disruptions to healthcare services. At least two hospitals, including Alder Hey Children’s NHS Foundation Trust and Liverpool Heart and Chest NHS Foundation Trust, have been impacted.
The attack, which took place on November 28, was acknowledged by Alder Hey Children’s NHS Foundation Trust in a security advisory. Coincidentally, Wirral University Teaching Hospital NHS Foundation Trust (WUTH) has also been hit by a ransomware attack however according to Alder Hey Children’s Hospital Trust, both ransomware incidents are unrelated.
WUTH also confirmed the attack and disabled parts of its IT network while working with national cybersecurity services to contain the threat. The disruption has resulted in delays for some patient services, including routine procedures and administrative processes, although emergency care continues to be prioritized. Hospital staff are resorting to manual record-keeping in some departments, adding to the operational strain.
The home page of Wirral University Teaching Hospital NHS Foundation Trust’s website shows this alert (Screenshot credit: Hackread.com)
****Russian Ransomware Gang INC Ransom Claims Responsibility****
The Russian-speaking ransomware group known as INC Ransom has taken responsibility for the attacks on Alder Hey Children’s NHS Foundation Trust and Liverpool Heart and Chest NHS Foundation Trust and has begun leaking some sensitive data allegedly stolen from the affected hospital systems.
The leaked information, as seen by Hackread.com, includes confidential patient records, including full names, addresses, doctor and GP’s comments and internal hospital files. This cyber attack has raised new concerns about patient data, drawing comparisons to the WannaCry ransomware attack that hit the NHS on May 12, 2017.
A screenshot from the INC Ransom gang’s dark web leak site shows its claims and some of the leaked data (Screenshot credit: Hackread.com)
Impact on Patients and Healthcare Operations
The attack has had a direct impact on patient care. Routine appointments and procedures have been postponed, creating backlogs and uncertainty for patients. Hospital workers have expressed frustration over the additional workload caused by the loss of access to digital systems, which are crucial for efficient hospital operations.
One hospital official, while talking to Hackread.com, described the attack as a “massive blow to patient care,” emphasizing the need for immediate action to restore normal operations.
Ongoing Investigation and Response
The National Crime Agency (NCA), alongside NHS Digital and other government agencies, is actively investigating the attack. Early reports suggest that the attackers exploited vulnerabilities in the hospitals’ IT systems, although further details are yet to be confirmed.
Meanwhile, patients are advised to be vigilant about communications they receive from hospitals and to report any suspicious activity related to their medical records.
****Not for the First Time****
This is not the first time INC Ransom has targeted the NHS. In March 2024, the cybercrime gang attacked NHS Scotland, stealing 3 terabytes of patient data. The group threatened to leak the information unless their demands were met.
This latest cyberattack is an ongoing story and will be updated as more details emerge. Stay tuned!
- Hackers set up a fake NHS website to spread malware
- NHS data breach exposed healthcare data of 150,000 patients
- Qilin Ransomware Leaks 400GB of NHS, Patient Data on Telegram
- London NHS Crippled by Ransomware, Several Hospitals Targeted
- NHS Dumfries and Galloway Faces Cyberattack, Patient Data at Risk