NHS Trust Declares Major Incident for “Cybersecurity Reasons”

Written by

A UK NHS Trust has declared a major incident and has cancelled all outpatient appointments, citing “cybersecurity reasons.”

Wirral University Teaching Hospital (WUTH) has also urged the public to only attend its Emergency Department for “genuine emergencies” while it responds.

A spokesperson for the NHS Trust said on November 25: “A major incident has been declared at the Trust for cybersecurity reasons. Our business continuity processes are in place, and our priority remains ensuring patient safety.”

The Trust responsible for a group of hospitals in northwest England, including Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital.

An update on the Trust’s X (formerly Twitter) account on November 26 confirmed that all outpatient appointments remain cancelled across its sites.

No other details about the nature of the incident have been provided at the time of writing and it has not been confirmed as a cyber-attack.

Local newspaper, the Liverpool Echo, quoted one staff member at the Trust as saying: “Everything is down. Everything is done electronically so there’s no access to records, results or anything so we are having to do everything manually, which is really difficult. The damage is huge."

NHS Hospitals Under Cyber Siege

The incident WUTH is the latest in a line of damaging cyber events impacting UK NHS Hospitals in 2024.

A ransomware attack on pathology provider Synnovis in June caused the cancellation of thousands of elective procedures and acute outpatient appointments at several London hospitals. Sensitive patient data was reportedly exfiltrated by the attackers.

In March, Scottish NHS Trust Dumfries and Galloway confirmed that patient clinical data was accessed and published online by hackers after a ransomware attack on its systems.

Commenting on the latest incident, Spencer Starkey, Executive VP of EMEA at SonicWall, explained that the healthcare sector is a prime target for cybercriminals, particularly ransomware actors, due to the sensitive data held and potential to cause significant real-world disruption and harm.

“Not only do these attacks risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life. The ramifications of an attack on the healthcare sector can be disastrous and it's important to place the utmost amount of time, money and efforts on securing them," he commented.

Trevor Dearing, Director of Critical Infrastructure at Illumio, commented, "In the case of [WUTH], it is positive to see business continuity plans in place, but any compromise to patient services can put lives at risk. It’s vital that all hospitals focus on reducing the impact of attacks by building containment capabilities to reduce the impact on critical services.”

Update November 28: A Wirral University Teaching Hospital spokesperson provided an update on the incident at 16.40 GMT on November 27, revealing that the Trust had detected "suspicious activity" on its network, and as a precaution isolated its systems to ensure that the problem did not spread.

"We have reverted to our business continuity processes and are using paper rather than digital in the areas affected. We are working closely with the national cyber security services and we are planning to return to normal services at the earliest opportunity," the spokesperson said.

Patients are advised to continue to attend any scheduled appointments, along with their appointment letters, unless contacted otherwise.  The Trust also warned that there are likely to be longer than usual waiting times for unplanned treatment in Emergency Department and assessment areas.

What’s hot on Infosecurity Magazine?