Major cyber security incident declared at Merseyside hospital

  • 26 November 2024
Major cyber security incident declared at Merseyside hospital
Aerial view of NHS Arrowe Park Teaching Hospital buildings (Credit: JSvideos / Shutterstock.com)
  • Wirral University Teaching Hospital NHS Foundation Trust has declared a major cyber security incident
  • A trust spokesperson said the ongoing incident is likely to impact performance at Arrow Park Hospital in Wirral
  • All outpatient appointments scheduled for 26 November have been cancelled and longer waits are expected in the emergency department

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.

In a statement on the trust website, published on 25 November 2024, a spokesperson for the trust said that all outpatient appointments at the trust have been cancelled and the ongoing incident is likely to impact performance at Arrowe Park Hospital in Wirral.

“A major incident has been declared at the trust for cyber security reasons.

“Our business continuity processes are in place, and our priority remains ensuring patient safety.

“All outpatient appointments scheduled today are cancelled. We apologise for any inconvenience and we will contact our patients as soon as possible to rearrange.

“We urge all members of the public to attend the Emergency Department only for genuine emergencies. For non-urgent health concerns, please use NHS 111, visit a walk-in centre, urgent treatment centre, your GP, or pharmacist.”

The trust posted on X about the incident.

A staff member told the Liverpool Echo: “Everything is down. Everything is done electronically so there’s no access to records, results or anything so we are having to do everything manually, which is really difficult. The damage is huge.”

A spokesperson from the National Cyber Security Centre (NCSC) said: “We are working with NHS England to fully understand the impact of an incident.”

The cyber attack is the latest to disrupt NHS services, following a ransomware attack on pathology provider Synnovis in June 2024, which led to 10,152 acute outpatient appointments and 1,710 elective procedures being postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS FT, and at least five cases of moderate patient harm.

NHS Dumfries and Galloway was also hit by a cyber attack in March 2024, which led to hackers publishing stolen patient information on the dark web.

Despite these attacks, Mike Fell, executive director of national cyber security operations at NHS England, told Digital Health News that cyber attacks “have plateaued, if not are on a downward trend, particularly against the NHS”.

According to the Department of Science, Innovation and Technology (DSIT) , the Cyber Security and Resilience Bill, which is due to be introduced to Parliament in 2025, will prevent attacks on the NHS.

In a statement published on 30 September 2024, the DSIT said: “This Bill will fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals.”

In September 2024, an updated cyber resilience framework for health and social care organisations was announced by the National Data Guardian and NHS England.

The change to how organisations measure and self-report their data security capabilities is part of the Department of Health and Social Care’s ‘Cyber security strategy for health and social care: 2023 to 2030’, which aims to align health and care with cyber resilience standards across other sectors.

NHS trusts are also taking action to strengthen their defences against cyber crime. In November 2024, Barts Health NHS Trust rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.

Fell will be speaking at Rewired 2025 at the NEC in Birmingham on 18-19 March 2025.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

NHS England’s federated data platform: One year on

NHS England’s federated data platform: One year on

Many of the initial concerns about the FDP have proven unfounded one year after its launch, writes Matthew Taylor, CEO of NHS Confederation.
Data published online following data breach at Alder Hey

Data published online following data breach at Alder Hey

A major data breach of Alder Hey Children’s NHS FT's online systems has seen private information published online and shared via social media.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Our latest Coffee Time Briefing covers new digital tools at Frimley Health and a report from Google Cloud about generative AI in the NHS.

Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.