British hospital group declares ‘major incident’ following cyberattack

Avatar

The NHS Trust responsible for a group of hospitals in northwest England has declared a “major incident” following a cyberattack, invoking the crisis management status for events that pose a serious risk to public health.

A statement on the website for Wirral University Teaching Hospital NHS Foundation Trust says: “A major incident has been declared at the Trust for cyber security reasons.”

The nature of the incident has not been disclosed. Outpatient appointments have been cancelled, and patients are being asked not to attend the hospital unless they have a “genuine emergency.”

“We apologise for any inconvenience and we will contact our patients as soon as possible to rearrange,” a spokesperson said.

The Trust is responsible for several hospitals and other health services in the Wirral —  a peninsula between the river Mersey in England and northeast Wales — including Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital.

A staff member at the Trust told local newspaper the Liverpool Echo: “Everything is down. Everything is done electronically so there’s no access to records, results or anything so we are having to do everything manually, which is really difficult. The damage is huge.”

The incident follows a series of cyber incidents that have impacted the United Kingdom’s health service this year, including a ransomware attack that caused a critical incident to be declared across several of London’s largest hospitals.

That attack, on pathology services provider Synnovis, had the knock-on effect of leaving national blood stocks in a perilous position, with an urgent call for O-type blood donations issued as doctors and nurses struggled to make blood matching tests.

Ultimately, more than 10,000 appointments and over 1,600 operations — including some for cancer treatments — were cancelled due to the disruption. Almost a million people are believed to have had their sensitive medical data leaked online as part of the criminals’ extortion attempt.

In a separate incident following that attack, every single household in the Scottish region of Dumfries and Galloway received a letter warning residents that their data was likely to have been accessed by cybercriminals who had hacked their local NHS Trust.

The government plans to address the country’s cybersecurity shortcomings with a new Cyber Security and Resilience Bill, currently expected to be introduced to parliament next year.

NewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

‘CyberVolk’ hacktivists use ransomware in support of Russian interests

Related Posts

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.
Avatar
Read More