INC ransomware gang claims attack on Alder Hey Children's NHS Foundation Trust

Alder Hey Children's NHS Foundation Trust, one of Europe's busiest children's hospitals serving over 450,000 patients annually, is investigating a potential data breach claimed by the INC Ransom group.

The INC Ransom group has published 11 screenshots on the dark web allegedly containing sensitive hospital data. Researchers suggests the attack may have exploited CitrixBleed (CVE-2023-4966), a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances discovered in 2023. A Citrix instance from the hospital's IT systems has reportedly stopped responding, likely taken offline by defenders during investigation.

The hospital continues operating normally, and patients are advised to attend appointments as scheduled. The National Crime Agency is involved in securing IT systems and the trust is working to verify the authenticity of the published data

Claimed exposed data:

• Patient records and medical reports
• Personal information including names and addresses
• Donor/benefactor information
• Financial papers
• Procurement information from 2018-2024

The number of affected individuals and the financial impact of the incident have not been disclosed. The investigation is ongoing to verify the authenticity and scope of the compromised data.