Skip to content
Muted
  Vibrant
Map & Directions Contact us

Cyber Issue Latest

Statement: Thursday 5th December 2024

Following our earlier statements, we can confirm that there has been a single cyber-attack that has impacted three NHS organisations.

Criminals gained unlawful access to data through a digital gateway service hosted by Alder Hey. This digital gateway is shared by Alder Hey and Liverpool Heart and Chest Hospital. This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital. We have launched an investigation which is still ongoing to determine the full facts around what data has been obtained unlawfully.

Hospital services remain unaffected and continue to run normally. Patients are advised to continue to attend appointments.

As part of our response to this threat, we have made progress in securing impacted systems and ensuring the attackers do not have continued access. This means that we are in a position to begin to reconnect our systems when it is safe to do so.

The attacker has claimed to have extracted data from impacted systems. Screenshots of data the attacker claims to have taken were published online last Thursday (28th November 2024). We have reviewed the information published on the 28th November and from our review we do not believe the data published or accessed unlawfully relates to children and young people.

We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data. The investigation into the data may take some time, and there is a possibility that the attacker may publish the data before our investigation is concluded. 

As soon as we are able to update on the impact to people’s data, we will provide a further update. Work is continuing with the National Crime Agency to secure impacted systems and to take further steps in line with law enforcement advice. We are also following guidance from the Information Commissioner’s Office and will ensure that anyone impacted by this data breach is contacted directly and supported.

 

Statement: Wednesday 4th Decemeber 2024

Following our statement on Thursday 28th November, we can now confirm that there has been a single cyber-attack that has impacted three NHS organisations.

Criminals gained unlawful access to data through a digital gateway service shared by Alder Hey and Liverpool Heart and Chest Hospital. This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital.

We have launched an investigation which is still ongoing to determine the full facts around what data has been obtained unlawfully.

Hospital services remain unaffected and continue to run normally. Patients are advised to continue to attend appointments.

As part of our response to this threat we have made progress in securing impacted systems and in ensuring the attackers do not have continued access.

The attacker has claimed to have extracted data from impacted systems. Screenshots of data the attacker claims to have taken were published online last Thursday (28th November 2024). We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data. The investigation into the data may take some time, and there is a possibility that the attacker may publish the data before our investigation is concluded. 

As soon as we are able to update on the impact to people’s data, we will provide a further update. Work is continuing with the National Crime Agency to secure impacted systems and to take further steps in line with law enforcement advice. We are also following guidance from the Information Commissioner’s Office and will ensure that anyone impacted by this data breach is contacted directly and supported.

 

 

Statement: Thursday 28th November 2024

We are aware that data has been published online and shared via social media which purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital.

We are working with partners to verify the data that has been published and to understand the potential impact.

We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.

This incident is not linked to the ongoing incident at Wirral University Teaching Hospitals.

Our services are operating as normal, and patients should attend appointments as usual.