Hospitals in Merseyside, including Arrowe Park Hospital in the Wirral, are facing significant disruptions following a cyber attack on the Wirral University Teaching Hospital Trust. Outpatient appointments have been canceled, and patients have been advised to avoid visiting the A&E department unless in a medical emergency.
A spokesperson for the Trust confirmed, “A major incident was declared yesterday for cyber security reasons and remains ongoing. Our business continuity processes are in place, and our priority remains ensuring patient safety. We apologize for any inconvenience and will contact patients to reschedule canceled appointments.”
Rising Cyber Threats to Healthcare
The breach has also affected staff, who are struggling to access electronic records, highlighting the increasing frequency of cyber attacks on healthcare systems in the UK and globally. Research by KnowBe4 shows that the global healthcare sector faced an average of 1,613 attacks per week during the first three quarters of 2023 — four times higher than the global average.
Earlier in 2024, a cyber attack on Kings College Hospital Foundation forced the shutdown of critical operations due to a breach at blood test supplier Synnovis.
In recent years, similar incidents have plagued the UK healthcare system:
- A ransomware attack on Barts NHS Trust by the Russian BlackCat gang resulted in the theft of 7TB of sensitive data.
- In February 2023, NHS Dumfries and Galloway faced a breach compromising patient and staff information.
In response to these escalating threats, the National Data Guardian (NDG) and NHS England introduced a new cyber resilience framework in September 2023. Dr. Nicola Byrne, National Data Guardian, stated that the framework provides organizations with a "current and evolving approach to enhance data protection and cyber resilience."
