No guarantees of payday for ransomware gang that claims to have hacked children's hospital

One of Europe's busiest hospitals is investigating if it has been hacked by a notorious ransomware gang.

Alder Hey Children's Hospital in Liverpool says it is aware that the INC Ransom group has published screenshots on the dark web of what is claimed to be patients' personal information, details of donations from benefactors, and other data.

If INC Ransom is to be believed, the haul of stolen data is significant - stretching as far back as 2018 right up until 2024.

Alder Hey Childen's Hospital, which treats more than 450,000 patients every year, says it is working closely with the National Crime Agency (NCA) and others to ensure that its IT systems are secure.

In a statement published on its website, Alder Hey Children’s NHS Foundation Trust said that the attack was not linked to the ongoing ransomware attack at nearby Wirral University Teaching Hospital (WUTH), believed to be the work of the rival RansomHub gang.

I wouldn't wish on any parent the experience of having a seriously sick child. Heartless ransomware gangs such as INC Ransom have proven time and time again that they couldn't care less about the harm they cause by hacking healthcare institutions - all they care about is making money.

And if that's what INC Ransom is hoping for - I think they are going to be disappointed. I strongly suspect that Alder Hey Children's Hospital will not give in to the extortionist's demands, and will simply refuse to pay a ransom.

And if that's the case, what is the point of INC Ransom's attack? They are not likely to be paid, and the attack on a children's hospital only increases the chances that they will one day find their collars felt by law enforcement.

After all, might not a member of the criminal underground who could provide a key clue to the identity of those behind the Alder Hey attack have a crisis of conscience one day?

Fortunately, Alder Hey Children's Hospital says that it continues to operate as normal, and that patients' care has not been disrupted as a result of the suspected data breach, in what appears to be the latest in a string of ransomware attacks against NHS organisations.

Back in February, for instance, the INC Ransom ransomware group hit the IT systems at National Health Service in Dumfries and Galloway, accessing an alleged three terabytes of patient and staff data.

INC Ransom published screenshots of exfiltrated data on the dark web, including data related to some children's mental health.

Thankfully, as with the Alder Hey attack, there was no disruption to patient care. But that's not to suggest that there weren't costs.

Authorities set up a dedicated telephone helpline, and sent letters to every household in Dumfries and Galloway, warning about the data breach and advising residents to take precautions if they received suspicious communications.

Hospitals are frequently under-resourced and under-funded. Yes, they may be a soft target for cybercriminals - but that doesn't mean a guaranteed pay-day if a hospital is hacked.