A major UK healthcare provider, Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has fallen victim to a cyberattack that has caused significant disruption to its operations. The WUTH cyberattack, disclosed publicly on Monday, has led to system outages, forcing the hospital to postpone some appointments and scheduled procedures.
As of now, the disruption continues, with efforts underway to resolve the issue of WUTH cyberattack.
Impacted Hospitals and Services in WUTH Cyberattack
WUTH oversees three key hospitals in the United Kingdom: Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital. Together, these facilities provide a wide range of critical healthcare services, including 24-hour emergency services, acute medical care, critical care, surgery, diagnostics, pediatrics, maternity services, and cancer care.
However, the cyberattack forced WUTH to take certain IT systems offline as a precautionary measure, reverting to manual operations in the affected areas. This shift to paper-based processes has inevitably caused delays, impacting both patients and healthcare workers.
Statement from WUTH
In an update issued on November 28, a WUTH spokesperson confirmed that the organization remains in a state of “major incident” following the targeted cybersecurity attack.
“After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread. This resulted in some IT systems being offline. We have reverted to our business continuity processes and are using paper rather than digital in the areas affected,” the spokesperson explained.
Despite these challenges, the hospital staff continues to prioritize patient safety, working tirelessly to mitigate the impact of the cyberattack. Emergency treatment is being prioritized, although patients are advised to expect longer waiting times in the Emergency Department and assessment areas.
The spokesperson further urged the public to reserve the Emergency Department for genuine emergencies and utilize alternative healthcare services such as NHS 111, walk-in centers, urgent treatment centers, GPs, or pharmacists for non-urgent concerns.
Broader Implications of Cyberattacks in Healthcare
The WUTH cyberattack highlights the increasing vulnerability of the healthcare sector to cyberattacks. While this particular case has caused significant operational disruption, similar attacks in other regions have led to even more severe consequences, such as data breaches and ransom demands.
For instance, in July 2024, the largest recorded healthcare data breach in the United States occurred at Change Healthcare, Inc., where criminal hackers stole personal data affecting 100 million individuals.
Rising Threats and Key Actors
A report by Cyble Research & Intelligence Labs (CRIL) sheds light on the growing number of cyber threats targeting healthcare providers. The report identifies 10 distinct threat actors and several ransomware groups, including LockBit, ALPHV, and RansomHub, as being responsible for a spate of data breaches and ransomware attacks.
Between 2023 and 2024, these groups executed 18 verified data breaches and 121 ransomware attacks on healthcare providers worldwide, including organizations like United Seating and Mobility, Numotion, and Change Healthcare. Collectively, these incidents have resulted in over $1.1 billion in ransom payments globally.
In response, law enforcement agencies have attempted to dismantle the infrastructure of ransomware groups like LockBit, but the evolving nature of cyber threats poses a continuous challenge.
Recommendations for Healthcare Cybersecurity
The increasing reliance on technology in the healthcare sector necessitates cybersecurity measures. CRIL recommends the following strategies to protect sensitive data and ensure the resilience of healthcare services:
- Enhanced Threat Intelligence: Proactive monitoring of underground marketplaces and cyber threat actors to detect potential risks before they materialize.
- Robust Cybersecurity Defenses: Strengthening IT systems with advanced security protocols to prevent unauthorized access and mitigate ransomware attacks.
- Collaboration and Intelligence Sharing: Encouraging sector-wide partnerships to share insights, tools, and best practices for combating cyber threats.
- Incident Response Planning: Establishing comprehensive business continuity plans to minimize disruptions during cyber incidents.
These measures are critical not only for safeguarding patient information but also for maintaining trust in the healthcare sector’s ability to provide uninterrupted care.
Looking Ahead
While WUTH works to resolve the ongoing cyberattack, the incident serves as a stark reminder of the vulnerabilities faced by healthcare organizations worldwide.
The WUTH spokesperson assured the public that efforts are underway to restore normalcy:
“We are working closely with national cybersecurity services and are planning to return to normal services at the earliest opportunity. Unfortunately, some scheduled appointments have been affected, but they will be rescheduled. Patients are advised to attend their appointments as planned unless contacted otherwise.”
This ongoing story will continue to be updated as new information becomes available. For now, it highlights the urgent need for healthcare organizations to prioritize cybersecurity as a core element of their operations.
