Cyber Incident Victim: Alder Hey Children's NHS Foundation Trust

On November 28, 2024, a cyberattack targeted a shared digital gateway service used by Alder Hey Children's NHS Foundation Trust and Liverpool Heart and Chest Hospital (LHCH), compromising systems across three NHS organizations. The breach also affected the Royal Liverpool University Hospital (RLUH), with preliminary findings indicating a small amount of its data was accessed. Criminal actors unlawfully obtained access to systems containing personal information including names, addresses, medical records, and financial details spanning from 2018 to 2024. The ransomware group INC claimed responsibility for the attack and published screenshots of allegedly stolen sensitive data online. While the full extent of the breach remains under investigation, the Trust confirmed hospital services—including patient appointments—continued operating normally, with impacted systems being reconnected under guidance from the Information Commissioner’s Office (ICO).

The incident followed a separate November 25 cyberattack on Wirral’s Arrowe Park Hospital, which had triggered a major incident declaration due to severe service disruptions including extended A&E wait times and appointment cancellations. Although Arrowe Park’s status was later downgraded to a business continuity incident, some services remained impaired during recovery efforts. Merseyside Police collaborated with the National Crime Agency and National Cyber Security Centre to investigate both attacks. The ICO emphasized organizational responsibility for handling sensitive medical data and advised affected individuals to first contact the Trust with concerns. This marked the latest in a series of 2024 NHS cybersecurity incidents, including a June ransomware attack on pathology provider Synnovis that canceled thousands of appointments and a March INC ransomware breach at NHS Dumfries and Galloway involving three terabytes of stolen data.