Major cyber security incident declared at Merseyside hospital

  • 26 November 2024
Major cyber security incident declared at Merseyside hospital
Aerial view of NHS Arrowe Park Teaching Hospital buildings (Credit: JSvideos / Shutterstock.com)
  • Wirral University Teaching Hospital NHS Foundation Trust has declared a major cyber security incident
  • A trust spokesperson said the ongoing incident is likely to impact performance at Arrow Park Hospital in Wirral
  • All outpatient appointments scheduled for 26 November have been cancelled and longer waits are expected in the emergency department

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.

In a statement on the trust website, published on 25 November 2024, a spokesperson for the trust said that all outpatient appointments at the trust have been cancelled and the ongoing incident is likely to impact performance at Arrowe Park Hospital in Wirral.

“A major incident has been declared at the trust for cyber security reasons.

“Our business continuity processes are in place, and our priority remains ensuring patient safety.

“All outpatient appointments scheduled today are cancelled. We apologise for any inconvenience and we will contact our patients as soon as possible to rearrange.

“We urge all members of the public to attend the Emergency Department only for genuine emergencies. For non-urgent health concerns, please use NHS 111, visit a walk-in centre, urgent treatment centre, your GP, or pharmacist.”

The trust posted on X about the incident.

A staff member told the Liverpool Echo: “Everything is down. Everything is done electronically so there’s no access to records, results or anything so we are having to do everything manually, which is really difficult. The damage is huge.”

A spokesperson from the National Cyber Security Centre (NCSC) said: “We are working with NHS England to fully understand the impact of an incident.”

The cyber attack is the latest to disrupt NHS services, following a ransomware attack on pathology provider Synnovis in June 2024, which led to 10,152 acute outpatient appointments and 1,710 elective procedures being postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS FT, and at least five cases of moderate patient harm.

NHS Dumfries and Galloway was also hit by a cyber attack in March 2024, which led to hackers publishing stolen patient information on the dark web.

Despite these attacks, Mike Fell, executive director of national cyber security operations at NHS England, told Digital Health News that cyber attacks “have plateaued, if not are on a downward trend, particularly against the NHS”.

According to the Department of Science, Innovation and Technology (DSIT) , the Cyber Security and Resilience Bill, which is due to be introduced to Parliament in 2025, will prevent attacks on the NHS.

In a statement published on 30 September 2024, the DSIT said: “This Bill will fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals.”

In September 2024, an updated cyber resilience framework for health and social care organisations was announced by the National Data Guardian and NHS England.

The change to how organisations measure and self-report their data security capabilities is part of the Department of Health and Social Care’s ‘Cyber security strategy for health and social care: 2023 to 2030’, which aims to align health and care with cyber resilience standards across other sectors.

NHS trusts are also taking action to strengthen their defences against cyber crime. In November 2024, Barts Health NHS Trust rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.

Fell will be speaking at Rewired 2025 at the NEC in Birmingham on 18-19 March 2025.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Unplugged: 2024 Year in Review

Digital Health Unplugged: 2024 Year in Review

In the final Unplugged of the year, the Digital Health news team reflect on the biggest stories covered in 2024 and look ahead to 2025.
IT systems in Medway disconnected due to ‘suspicious activity’

IT systems in Medway disconnected due to ‘suspicious activity’

Medway Community Healthcare has disconnected its IT systems to “protect patient and staff data” after detecting some “suspicious activity”.
Members of data and tech group for 10 year health plan revealed

Members of data and tech group for 10 year health plan revealed

Exclusive: Digital Health reveals the membership of the key group leading strategy on data and technology for the NHS 10 year health plan.

Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.