Major incident declared as Merseyside hospitals hit by cyber attack

Hospitals across Merseyside are cancelling appointments following a 'major' cybersecurity incident.

Arrowe Park Hospital in the Wirral was the first to sound the alert, with patients asked to avoid attending the hospital's A&E department except in cases of medical emergency, and outpatient appointments cancelled.

The hack initially affected the Wirral University Teaching Hospital Trust, which also manages Clatterbridge Hospital, and the Wirral Women and Children's Hospital, all of which are also affected.

"A major incident was declared at the Trust yesterday for cyber security reasons and the incident remains ongoing. We are working to rectify the issue and our business continuity processes are in place," said a Wirral University Teaching Hospital spokesperson.

"Our priority remains ensuring patient safety. Some outpatient appointments scheduled today and tomorrow are cancelled. Where appointments have been cancelled, we have contacted patients directly. We apologize for any inconvenience and we will contact our patients as soon as possible to rearrange."

In addition to patient disruption, staff have reportedly been unable to access electronic records as a result of the incident.

The attack marks the latest in a slew of highly disruptive cyber attacks on healthcare organizations both in the UK and globally in recent years.

According to research from cybersecurity training firm KnowBe4, the global healthcare sector was hit by 1,613 attacks per week in the first three quarters of last year, nearly four times the global average for all industry sectors.

Earlier this year, a cyber attack forced Kings College Hospital Foundation Trust and Guy’s and St Thomas’ Hospitals Foundation Trust in London to suspend critical operations following the breach of blood test supplier Synnovis.

Other UK incidents over the last couple of years include a ransomware attack on the Barts Health NHS Trust, claimed by the Russian ransomware gang BlackCat.

The group said it had accessed 7TB of data, including the National Insurance numbers and financial details of staff and patients.

In February this year, an attack on NHS Dumfries and Galloway saw a large volume of patient and staff-identifiable data accessed.

"Hospitals are prime targets for cyberattacks due to the massive disruption they can cause — and as more connected devices and open Wi-Fi networks emerge, these attacks will only grow," warned Trevor Dearing, director of critical infrastructure at Illumio.

Dearing urged healthcare organizations to focus on reducing the impact of attacks by building containment capabilities:

"Adopting a breach containment mindset allows hospitals to quickly isolate affected systems and limit attacker movement to reduce overall damage.

"Cyberattacks aren’t going away, but hospitals must reach a point where patient care — urgent or routine — remains uninterrupted."

In September, the National Data Guardian (NDG) and NHS England released a new cyber resilience framework for health and social care organisations based on the National Cyber Security Centre’s cyber assessment framework.

Speaking at the time, national data guardian Dr. Nicola Byrne said the move represented "a positive evolution, offering organizations a more current framework for evaluating and improving their data protection and cyber resilience".