
On November 28, the ransomware group INC Ransom claimed to have compromised sensitive data from Alder Hey Children’s NHS Foundation Trust in Liverpool, UK. The group posted on its data leak site that it had obtained large-scale data, including patient records, donor reports, and procurement data from 2018 to 2024.
Alder Hey Children’s NHS Foundation Trust quickly acknowledged the claim and issued a statement on November 28, confirming that it was aware of the data being published online and shared via social media. The Trust emphasized that it is working with partners, including the National Crime Agency, to verify the data and understand the potential impact.
The situation is indeed serious, but it’s reassuring to see that Alder Hey Children’s NHS Foundation Trust is taking swift action. They’re working closely with the UK’s National Crime Agency (NCA) and other partners to verify the data and assess the impact of the attack. Despite the incident, the organization has stated that its services are operating normally, and patients should continue to attend their appointments as scheduled.
The INC ransomware gang first emerged in July 2023, and as of April this year, its second most popular target was healthcare organisations, the majority of them based in the US. However, it has also claimed victims in the UK and this year said it was responsible for an attack on NHS Dumfries and Galloway health board.
INC Ransom is known to use CitrixBleed (CVE-2023-4966), a critical software vulnerability found in 2023 in Citrix NetScaler ADC and NetScaler Gateway appliances. This vulnerability allows threat actors to bypass multifactor authentication (MFA) and hijack legitimate user sessions.


