INC Ransom Claims CyberAttack on UK Childrenâs Hospital Infosecurity Magazine

pReporter Infosecurity MagazineppAn infamous ransomware group has claimed to have compromised sensitive data from a childrens hospital in Liverpool UKppOn November 28 INC Ransom posted on its data leak site that it has obtained largescale data patient records donor reports and procurement data for 20182024 from Alder Hey Childrens NHS Foundation TrustppThe Trust quickly acknowledged the claim and said in a November 28 statement We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation TrustppAlder Hey staff members are working with the UKs National Crime Agency NCA and other partners to verify the data and understand the impact of the alleged attackppThe organization said that its services are operating normally and patients should attend appointments as usualppWe are taking this issue very seriously to secure our systems and take further steps in line with law enforcement advice as well as our statutory duties relating to patient data the Trust addedppThis incident is not linked to the recent incident at Wirral University Teaching Hospitals also around LiverpoolppSpeaking to Infosecurity Will Thomas SANS Instructor and CTI researcher said that while it is still unknown if the claim by INC Ransom is legitimate a Citrix instance from Alder Hey NHS Foundation Trusts IT systems has stopped respondingppHe noted that the cyber defenders at Alder Hey have likely taken the Citrix instance down while they investigateppHe added that INC Ransom is known to use CitrixBleed CVE20234966 a critical software vulnerability found in 2023 in Citrix NetScaler ADC and NetScaler Gateway appliances This vulnerability allows threat actors to bypass multifactor authentication MFA and hijack legitimate user sessionsppINC Ransom has targeted UK public organizations in the pastp