back to article Ransom gang claims attack on NHS Alder Hey Children's Hospital

Yet another of the UK's National Health Service (NHS) systems appears to be under attack, with a ransomware gang threatening to leak stolen data it says is from one of England's top children's hospitals. The attack on Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust is …

  1. Martin Summers

    Line them up against a wall and shoot. No mercy for vermin who attack healthcare in particular.

    1. cyberdemon Silver badge
      Unhappy

      Re: No mercy for vermin who attack healthcare

      Tell that to the IDF..

      By April, WHO had verified 906 attacks on healthcare in Gaza, the West Bank, Israel, and Lebanon.[5] As of June 2024, according to WHO, Israel has attacked 464 health care facilities, killed 727 health care workers, injured 933 health care workers, and damaged or destroyed 113 ambulances [6]

      Not to mention the number of children's hospitals blown up by Mad Vlad

      Not trying to minimise the ransom scum here obviously, but just pointing out the much larger scale scummery coming from Israel and Russia that everyone seems to want to forget about these days

      Tbh i'd guess this latest cyber scummery is probably linked to the above, i.e. either coming from Russia in revenge for the UK's support for Ukraine, or from Iran in revenge for the UK's support for Israel

      1. Martin Summers

        Re: No mercy for vermin who attack healthcare

        Completely agree with you. No doubt some of these places are being used as shields, but targeting them is not the answer. The innocent are never considered in matters of war or targeted attacks. It's easy to launch an attack from a far off place coldly and clinically and never see, understand or feel the hell unleashed.

        1. Anonymous Coward
          Anonymous Coward

          Re: No mercy for vermin who attack healthcare

          "No doubt some of these places are being used as shields, but targeting them is not the answer".

          Agreed - using civilians as a human shield is cowardly and despicable, but choosing to smash through that shield *anyway* to get at the people behind it is grotesque.

      2. TeeCee Gold badge
        Facepalm

        Re: No mercy for vermin who attack healthcare

        Meanwhile, Syria is up to 500,000 odd so far.

        But then Iran don't have a dog in that fight and aren't getting their stooges to stir up the "useful idiots" and make a fuss about it.

    2. Doctor Syntax Silver badge

      "Line them up against a wall and shoot."

      First get your hands on them.

      Serious rewards for information leading to arrest might help. If it happened that a necessary preliminary were abduction from somewhere where arrest is not feasible to somewhere where it is, so be it.

    3. MJI Silver badge

      Organ donors first, don't want to waste the kidneys/livers ect

  2. tip pc Silver badge
    Big Brother

    Private networks

    These systems should be interconnected via private networks, not generally available via the internet.

    Remote access should be to hosted virtual desktops etc with strong security & limited access etc.

    in my time in government all our sites where interconnected via frame relay then private mpls, Internet break out was via 2 main sites only via proxies etc.

    Its still possible to get private mpls circuits and also hop across privately to the big databarns like aws/azure/gcp etc without making those systems directly addressable to the general internet.

    its possible that the hospitals are connected privately and the miscreants came in over the internet & exfiltrated / caused their mayhem that way but less likely especially if good internet access controls are used.

    its time a government security department ensured high standards of security for these systems & could swoop in to take control when things like this happen.

    i guess there is this

    https://www.npsa.gov.uk

    https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/

    & the good practice guide in what ever form its in now.

  3. S4qFBxkFFg

    We need a law against ransom payments (or more generally, paying anyone known to be committing serious crime), one which doesn't have any loopholes for the various "consultants" who take advantage of the victims.

    There would need to be rewards for whistleblowers too. The idea would be to make it impossible for any organisation, private or public, to make a substantial ransom payment without the risk that (for example) a low-level finance employee will notice something funny and report it for the reward.

  4. Wang Cores

    Attacking a children's hospital is literally villain shit.

    What next, we gonna have an epidemic of weirdoes tying women to thoroughfares and twirling their mustaches while doing so?

    1. wolfetone Silver badge

      I agree with all of this.

      But what are we doing as a country and not treating our healthcare IT the same as we treat our infrastructure? I want that question answered. We've had too many healthcare facilities like this being attacked and nothing has been done. They ought to be treated the same as everything else we consider to be critical.

  5. Sub 20 Pilot

    Find these cunts.

    Spend the money that would be handed over to them in doing so.

    Nail them to a tree and burn the fuckers.

    Film it and put it out there as a warning to others.

    There is a lot of bad in the world and a lot of good.

    Evil cunts that target a childrens hospital is about the lowest you can get.

    I do hope the bastards have a slow painful death whenever it happens.

    1. Sub 20 Pilot

      I am far from being wealthy but would happily throw a £1k or so into a pot that would actually destroy these fucking parasites.

    2. JT_3K

      I reserve that word for special use cases. In this case it's justified.

      Children's. Hospital.

      Remember that "data" in hospital breaches often includes pictures of vulnerable people in their most challenged moments that are needed for medical reasons but otherwise shouldn't be shared. Cancer hospitals and pictures of mastectomy come to mind.

      Children's. Hospital.

      Nope.

  6. Tron Silver badge

    Modest proposal.

    If you cannot protect data from these people, by the usual techniques - airgapping, encryption and the like, keep it on paper in a cupboard.

  7. TimMaher Silver badge
    Flame

    Backup

    And make sure that you photo-copy them and keep the copies in a fire-proof cellar in a secure building in a different city.

    1. AVR Bronze badge

      Re: Backup

      It does seem that the hospital is still operating, the threat is reportedly leaking info rather than paralyzing their IT. So yeah, maybe they do have good backup procedures.

      1. Nedly

        Re: Backup

        yes they do, pen & paper

  8. Anonymous Coward
    Anonymous Coward

    I've said it before and I'll say it again, while these people need a fucking slap, those that are clicking on random links also need to understand they are part of the problem and have their share of the blame meted out to them in the form of disciplinary action. Until people learn good IT hygiene we will continue to see these sorts of issues.

    If I caused this sort of issue in my organisation I'd be sacked. Anyone else should expect the same.

    1. Victor Ludorum
      Unhappy

      The problem is...

      Until people learn good IT hygiene...

      When you have staff that are exhausted, over-worked and under-resourced with Windows 7 machines in front of them, this will continue to happen.

      Especially when the general attitude is 'the IT department are supposed to stop these sorts of things from happening, so it's their fault, not mine'...

      I seem to recall some of the original ransomware criminals promised not to touch healthcare systems, but that seems to be ignored more and more now...

      Personally, I think anyone attacking healthcare systems should be strung up by the unmentionables and left to rot.

      Anyone attacking childrens healthcare systems I have no words for. Lower than low.

  9. keithpeter Silver badge
    Windows

    Just wondering what the advantage to the attackers is?

    Have they not realised that ransom is unlikely to be paid, and are they aware of the consequences of their identity being discovered?

    One imagines that they might get more dosh from some tax-dodging mega-corp that was engaged in large scale exploitation somewhere.

    Oh, and given this involves possible damage to local children and their families in Liverpool I would definitely avoid any travel to the city if names known.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like