Cyberattack Forces UK Hospital Network to Postpone Surgeries

A major cyberattack has disrupted operations at the Wirral University Teaching Hospital (part of the NHS Foundation Trust), forcing the postponement of surgeries, outpatient appointments, and other procedures. The WUTH is a healthcare organization which operates Arrowe Park, Clatterbridge, and Wirral Women and Children’s hospitals.

According to Bleeping Computer, some IT systems were shut down to prevent further damage after suspicious activity was detected. A hospital spokesperson stated, “We have reverted to our business continuity processes and are using paper rather than digital in the areas affected.” The move has caused delays in patient care, with staff unable to access records or diagnostic tools.

The disruption has drawn significant attention, with patients at Arrowe Park having been told X-rays, treatments, and surgeries are unavailable for the time being. A staff member explained to the Liverpool Echo, “Everything is done electronically, so there’s no access to records, results, or anything, so we are having to do everything manually, which is really difficult.”

The hospital has urged the public to use its emergency services only for genuine emergencies, as waiting times have increased significantly.

In a separate but equally concerning incident, Alder Hey Children’s Hospital in Liverpool is investigating claims of a ransomware-related data breach. According to The Guardian, the ransomware group INC Ransom has published screenshots on the dark web that appear to contain patient records and financial documents. In response, Alder Hey confirmed it is working with the National Crime Agency to verify the authenticity of the data and secure its systems.

While Alder Hey’s services remain unaffected, the incident raises fears of long-term implications similar to the Norton Healthcare breach, in which millions of patient records were reportedly stolen.

These incidents reflect a troubling pattern of ransomware targeting the healthcare sector. Earlier this year, we reported that UnitedHealth paid a $22 million ransom to regain control of its systems after hackers crippled its operations. Such cases demonstrate the lengths attackers are willing to go to, and the financial burden institutions may face to recover from these intrusions.

Both hospitals in Liverpool are working tirelessly to restore their systems and protect sensitive data. However, these breaches emphasize the growing threat to healthcare infrastructure worldwide, underlining the urgent need for strengthened cybersecurity measures to safeguard patient care and sensitive information.