Update from 5 December 2024:
Following our earlier statements, we can confirm that there has been a single cyber-attack that has impacted three NHS organisations.
Criminals gained unlawful access to data through a digital gateway service hosted by Alder Hey. This digital gateway is shared by Alder Hey and Liverpool Heart and Chest Hospital. This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital. We have launched an investigation which is still ongoing to determine the full facts around what data has been obtained unlawfully.
Hospital services remain unaffected and continue to run normally. Patients are advised to continue to attend appointments.
As part of our response to this threat we have made progress in securing impacted systems and ensuring the attackers do not have continued access. This means that we are in a position to begin to reconnect our systems when it is safe to do so.
The attacker has claimed to have extracted data from impacted systems. Screenshots of data the attacker claims to have taken were published online last Thursday (28th November 2024). We have reviewed the information published on the 28th November and from our review we do not believe the data published or accessed unlawfully relates to children and young people.
We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data. The investigation into the data may take some time, and there is a possibility that the attacker may publish the data before our investigation is concluded.
As soon as we are able to update on the impact to people’s data, we will provide a further update. Work is continuing with the National Crime Agency to secure impacted systems and to take further steps in line with law enforcement advice. We are also following guidance from the Information Commissioner’s Office and will ensure that anyone impacted by this data breach is contacted directly and supported.
If you have a concern in relation to this incident, please call 0151 706 3602 (available Monday - Friday, 9am - 4pm, excluding Bank Holidays).
Frequently Asked Questions
There has been a single cyber-attack that has impacted three NHS organisations in Liverpool.
Criminals gained unlawful access to systems potentially containing data from Alder Hey Children’s Hospital, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital.
The attacker has claimed to have extracted data from impacted systems. Screenshots of data the attacker claims to have taken were published online last Thursday (28th November 2024). We have reviewed the information published on the 28th November and from our review we do not believe the data published or accessed unlawfully relates to children and young people.
A criminal investigation has been launched - which is still ongoing - to determine the full facts around what data has been obtained unlawfully.
We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.
The NHS takes the security of people’s data very seriously and we are working with the National Crime Agency on this incident.
Hospital services remain unaffected and continue to run normally, and patients are advised to continue to attend appointments.
A forensic investigation is currently underway to assess the impact on people’s data.
A cyber-criminal group has claimed on social media to be in possession of data taken from impacted systems, and we are working with partners to verify what data has been obtained illegally.
We are taking this issue very seriously and are working with the National Crime Agency as well as partner organisations to secure our systems and to take further steps in line with law enforcement advice as well as our statutory duties relating to patient data.
You should always be alert to approaches from anyone claiming to have your data and to any other suspicious calls or emails, particularly if you are asked to provide personal or financial data.
If you are contacted by someone who claims they have your data, please contact Action Fraud, who are the UK’s national reporting centre for fraud and cybercrime, or call 0300 123 2040.
Send suspicious emails to report
The National Cyber Security Centre (NCSC) has further guidance for individuals and families on data breaches.
You will not receive unexpected contact from the NHS asking for personal or financial information.
If you receive an unexpected or suspicious email or a communication by other means that claims to come from the NHS, you should double-check it’s legitimate by contacting the organisation or department directly.
Don’t use an address or phone number from the message itself – use the details from the official organisation’s website, for example the NHS Trust or GP practice where you’ve been receiving care.
Please contact Action Fraud, who are the UK’s national reporting centre for fraud and cybercrime, or call 0300 123 2040.
Send suspicious emails to report
We understand people will be concerned. Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before it is clear which individuals have been impacted.
As more detail becomes available through our full investigation, along with Liverpool Heart and Chest Hospital and Royal Liverpool University Hospital, we will continue to provide updates on our website.
Screenshots claiming to be stolen data have been shared online by the cyber-criminal group that claims responsibility for the attack. We are currently working through this data to assess the impact. We have reviewed the information published on the 28th November and from our review we do not believe the data published or accessed unlawfully relates to children and young people.
We are also conducting a forensic analysis of impacted systems to understand what data has potentially been impacted. In a healthcare setting personal data can include information such as demographic details as well as more sensitive information such as medical history.
The investigation into what data has been stolen and released is ongoing.
Investigations of this type are complex and can take time. Given the complexity of the investigation it may be some weeks before we are clear about which individuals have been impacted.
As more detail becomes available through our full investigation, along with Liverpool Heart and Chest Hospital and Royal Liverpool University Hospital, we will continue to provide updates on our website.
We understand you may feel concerned about this, and we are working hard to verify the data as soon as we are able to do so. In the meantime, this website contains the most up to date information about the cyber incident and will be regularly updated.
You should continue to access NHS services as normal, both routine appointments and urgent care.
Hospital services remain unaffected and continue to run normally, and patients are advised to continue to attend appointments.