Following a cyber attack at the end of November, Alder Hey Children’s NHS Foundation Trust has confirmed that two other organisations were impacted by the breach.
The attack saw criminals gaining access to NHS data through Alder Hey’s digital gateway service, which is shared with Liverpool Heart and Chest Hospital. Alongside these two hospitals, the attacker was also able to gain access to a small amount of data from Royal Liverpool University Hospital.
Following the breach, the attackers published screenshots of the data that was extracted from the systems, however the trust has claimed that it does not believe that this data relates to children and young people.
Whilst services at the hospital have remained unaffected by the breach, Alder Hey Children’s NHS FT has confirmed that it is progressing with the securing of systems that were impacted, with this ensuring that systems can be reconnected once safe. An investigation will also continue into whether or not the attacker was able to obtain confidential data, however this may take some time and there is the possibility that data could be published before the investigation concludes.
In a statement released after stolen data was published online, Alder Hey Children’s NHS Foundation Trust said:
“We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are working with partners to verify the data that has been published and to understand the potential impact.
“We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.”
In order to respond to the breach, the trust is working alongside the National Crime Agency to make the impacted systems secure, as well as further steps to ensure the protection of confidential data. The Information Commissioner’s Office is also assisting with the contacting and supporting of people who have been impacted by the breach.
Image credit: iStock