Cyber Incident Victim: Medway Community Healthcare

On 2 December 2024, Medway Community Healthcare detected suspicious activity on its IT systems, prompting an immediate disconnection of all systems to protect patient and staff data. The organization publicly announced an ongoing investigation that day but did not specify the nature or origin of the activity. By 17 December 2024, all IT systems remained offline, with restoration efforts still in progress. NHS England oversaw a specialist investigation into the incident, which involved deep-dive forensic analysis to determine potential data exposure. On 13 December, Medway confirmed no evidence of unauthorized access to patient data had been found through this investigation, though the full scope of affected systems was not disclosed.

The IT outage caused significant operational disruptions, including delays in services and reliance on manual processes such as paper-based blood test requisitions. Medway prioritized reconnecting critical patient-facing systems first, implementing a gradual and cautious restoration approach starting 13 December. Staff maintained clinical services throughout the disruption, though the trust acknowledged persistent challenges in normalizing operations. As of 17 December, full system functionality had not been restored, and patients were advised to expect continued adjustments. The incident occurred amid a series of cyber attacks targeting NHS organizations in late November 2024, including Alder Hey Children’s NHS Foundation Trust and Wirral University Teaching Hospital, though no direct connection between these events was established in available reports. Medway provided periodic public updates via its website and direct communications, emphasizing patient safety and thanking stakeholders for their patience during the recovery phase.