Alder Hey Children's Hospital is the latest victim of a cyber attack, causing patient data of children that have been treated there to be leaked online.
A notorious cyber gang known as INC Ransom have claimed responsibility for the cyber attack. The cybercriminals published a limited sample of the stolen data which includes not only full medical records of patients but also financial records of donors. They allege they have secured data that dates back to 2018.
INC are the cyber gang behind the attack on NHS Dumfries and Galloway in March where they were able to steal 3TB worth of data.
INC Random also claimed responsibility for an attack on the non profit McLaren Health Care earlier this year. The attack has impacted all 13 of the facilities operated by the healthcare system and delayed treatments.
Appointments not impacted
Last week, hospitals in the same Merseyside region were forced to cancel outpatient procedures following a major cyber incident. However, so far the two incidents seem to be unrelated.
Unlike this earlier cyber attack, Alder Hey’s operations are not impacted and appointments delivering vital care will continue as scheduled.
A statement from Alder Hey confirms that they are ‘working with partners to verify the data that has been published and to understand the potential impact.’
The statement goes on to confirm that the childrens hospital are ‘working with the National Crime Agency as well as partner organisations to secure [their] systems and to take further steps in line with law enforcement advice as well as [their] statutory duties relating to patient data.’
Healthcare providers like Alder Hey are responsible for a monumental amount of incredibly sensitive data. Unfortunately this makes it a key target for malicious actors.
The sensitivity of health data, including diagnoses, treatment plans and medical history makes it of high value to cybercriminals. Confidential information can be sold by hackers quickly - and for a high price, or else hackers will extort the owners for its safe return. Stolen information can also be ideal for stealing money through tactics like fraudulent billing.
Earlier this year Change Healthcare faced a devastating cyber attack in which 100 million patients’ data was stolen, making it the biggest healthcare data breach in recent history. The attack caused over $872 million in losses for the healthcare giant and seriously impacted consumer trust.
Healthcare providers must invest in robust cyber security practices and keep up with the latest trends to help protect patient data.
