Ransom gang claims attack on NHS Alder Hey Children's Hospital
- Reference: 1732883086
- News link: https://www.theregister.co.uk/2024/11/29/inc_ransom_alder_hey_childrens_hospital/
- Source link:
The attack on Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust is apparently unconnected to an ongoing cyber "incident" at [1]the Wirral University Teaching Hospital NHS Trust that is causing severe disruption at hospitals nearby.
The children's hospital also dispelled any possible links to the Wirral incident, ongoing since [2]earlier this week , which was allegedly carried out by rival ransomware crooks over at RansomHub.
[3]
INC Ransom, the group that claimed responsibility for an attack on NHS Scotland in June this year, now claims to have stolen data from Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust.
[4]
[5]
The criminals published a limited sample of the allegedly stolen data, which includes the full names and addresses of supposed patients and donors, the amount of money said donors have given to the hospital, patients' medical reports (including unique hospital numbers and dates of birth), and financial documents.
They claimed the data goes back to 2018 and runs right up to 2024.
[6]
In a statement issued on Thursday, Alder Hey said: "We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are working with partners to verify the data that has been published and to understand the potential impact.
"We are taking this issue very seriously and are working with the National Crime Agency (the NCA) as well as partner organizations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data."
The Register reached out to Alder Hey and the NCA for additional information about the situation but neither immediately responded.
[7]
Just a few miles away and separated only by a narrow stretch of the River Mersey, the two attacks on the geographically linked Alder Hey and Wirral NHS Trusts is something of an anomaly. It's rare, but not unheard of, for NHS organizations to be attacked given the degree of disruption criminals can cause, but for two attacks to occur in the same week within a stone's throw of each other is very much an oddity.
Alder Hey said, unlike its neighbors in Wirral, that its services are operating as normal and no scheduled appointments or procedures were impacted.
[8]Mega US healthcare payments network restores system 9 months after ransomware attack
[9]Ransomware's ripple effect felt across ERs as patient care suffers
[10]LockBit shows no remorse for ransomware attack on children's hospital
[11]Lurie Children's Hospital back to pen and paper after cyberattack
The hospital is one of the largest and busiest of its kind in Europe, and deals with all manner of cases from minor to the most complex. Alongside London's Great Ormond Street Hospital, it's a pioneer in medical research and is among the most recognizable names in UK healthcare.
INC Ransom is the same band of scumbags that [12]attacked NHS Dumfries and Galloway back in March and in similar fashion to Alder Hey, it plastered a bunch of stolen data online as a means to dial up the pressure and have its extortion demands met.
The Scottish NHS Trust it attacked later [13]confirmed the criminals got their hands on 150,000 people's data after it refused to meet the gang's demands. INC Ransom allegedly stole up to 3TB worth of data from the Trust. ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2024/11/28/wirral_nhs_cyber_incident/
[2] https://www.theregister.com/2024/11/26/third_major_cyber_incident_declared/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0nzLlPLBgOPLAjC-o7jQAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0nzLlPLBgOPLAjC-o7jQAAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0nzLlPLBgOPLAjC-o7jQAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0nzLlPLBgOPLAjC-o7jQAAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0nzLlPLBgOPLAjC-o7jQAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/11/20/change_healthcares_clearinghouse_services/
[9] https://www.theregister.com/2024/10/24/ransomware_ripple_effect_hospitals/
[10] https://www.theregister.com/2024/02/01/lockbit_ransomware_attack_hospital/
[11] https://www.theregister.com/2024/02/05/lurie_childrens_hospital_cyberattack/
[12] https://www.theregister.com/2024/03/28/nhs_scotland_cyberattack/
[13] https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/
[14] https://whitepapers.theregister.com/
Re: No mercy for vermin who attack healthcare
Tell that to the [1]IDF..
By April, WHO had verified 906 attacks on healthcare in Gaza, the West Bank, Israel, and Lebanon.[5] As of June 2024, according to WHO, Israel has attacked 464 health care facilities, killed 727 health care workers, injured 933 health care workers, and damaged or destroyed 113 ambulances [6]
Not to mention the number of children's hospitals blown up by Mad Vlad
Not trying to minimise the ransom scum here obviously, but just pointing out the much larger scale scummery coming from Israel and Russia that everyone seems to want to forget about these days
Tbh i'd guess this latest cyber scummery is probably linked to the above, i.e. either coming from Russia in revenge for the UK's support for Ukraine, or from Iran in revenge for the UK's support for Israel
[1] https://en.wikipedia.org/wiki/Attacks_on_health_facilities_during_the_Israel%E2%80%93Hamas_war
Re: No mercy for vermin who attack healthcare
Completely agree with you. No doubt some of these places are being used as shields, but targeting them is not the answer. The innocent are never considered in matters of war or targeted attacks. It's easy to launch an attack from a far off place coldly and clinically and never see, understand or feel the hell unleashed.
Re: No mercy for vermin who attack healthcare
"No doubt some of these places are being used as shields, but targeting them is not the answer".
Agreed - using civilians as a human shield is cowardly and despicable, but choosing to smash through that shield *anyway* to get at the people behind it is grotesque.
"Line them up against a wall and shoot."
First get your hands on them.
Serious rewards for information leading to arrest might help. If it happened that a necessary preliminary were abduction from somewhere where arrest is not feasible to somewhere where it is, so be it.
Private networks
These systems should be interconnected via private networks, not generally available via the internet.
Remote access should be to hosted virtual desktops etc with strong security & limited access etc.
in my time in government all our sites where interconnected via frame relay then private mpls, Internet break out was via 2 main sites only via proxies etc.
Its still possible to get private mpls circuits and also hop across privately to the big databarns like aws/azure/gcp etc without making those systems directly addressable to the general internet.
its possible that the hospitals are connected privately and the miscreants came in over the internet & exfiltrated / caused their mayhem that way but less likely especially if good internet access controls are used.
its time a government security department ensured high standards of security for these systems & could swoop in to take control when things like this happen.
i guess there is this
https://www.npsa.gov.uk
https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/
& the good practice guide in what ever form its in now.
We need a law against ransom payments (or more generally, paying anyone known to be committing serious crime), one which doesn't have any loopholes for the various "consultants" who take advantage of the victims.
There would need to be rewards for whistleblowers too. The idea would be to make it impossible for any organisation, private or public, to make a substantial ransom payment without the risk that (for example) a low-level finance employee will notice something funny and report it for the reward.
Attacking a children's hospital is literally villain shit.
What next, we gonna have an epidemic of weirdoes tying women to thoroughfares and twirling their mustaches while doing so?
Line them up against a wall and shoot. No mercy for vermin who attack healthcare in particular.