Skip to content
Contact Us
All posts

Major Cyber Security Incident Declared at Merseyside Hospital

By  Craig Pepper  ·  2 minute read

On 25 November 2024, Wirral University Teaching Hospital NHS Foundation Trust declared a “major incident” following a serious cybersecurity breach. The incident caused widespread disruption across Arrowe Park Hospital, with all outpatient appointments cancelled and digital systems taken offline.

In a public statement, the trust confirmed that business continuity plans were activated and reassured the public that patient safety remained the top priority. Patients were urged to avoid the Emergency Department unless absolutely necessary and to use NHS 111, local GPs, or urgent treatment centres for non-critical care.

Operational Impact: Digital Systems Offline

A staff member told the Liverpool Echo:

“Everything is down. Everything is done electronically so there’s no access to records, results or anything, so we are having to do everything manually, which is really difficult. The damage is huge.”

The attack crippled core hospital systems—including patient records, diagnostic tools, and communication systems—forcing staff to revert to manual processes. The disruption posed significant operational challenges in maintaining timely and coordinated care.

Part of a Wider Pattern of Attacks on the NHS

The Wirral incident followed several other major NHS cyber attacks in 2024, including:

  • June 2024: The Synnovis ransomware attack shut down pathology services at King’s College Hospital and Guy’s and St Thomas’ Trusts. Over 10,000 appointments were delayed, with patient harm confirmed.

  • March 2024: A ransomware breach at NHS Dumfries and Galloway led to the leak of three terabytes of patient data on the dark web.

These incidents reveal a worrying trend in targeted attacks against NHS trusts and suppliers. However, NHS England's Executive Director of National Cyber Operations, Mike Fell, noted in late 2024 that the overall frequency of attacks may be stabilising or declining.

Government and NHS Response in 2025

In response to high-impact incidents like Wirral and Synnovis, the government has taken decisive steps:

  • The Cyber Security and Resilience Bill, announced in September 2024, has since progressed through Parliament in early 2025. It is designed to:

    • Set minimum cyber standards for critical public services

    • Strengthen incident response coordination

    • Mandate independent assessments for cyber maturity

  • NHS England released a revised Cyber Resilience Framework in September 2024, aligning the health and care sector with the Cyber Assessment Framework (CAF) and focusing on outcome-based assurance.

These steps form part of the broader Cyber Security Strategy for Health and Social Care (2023–2030), aimed at improving NHS cyber maturity across infrastructure, leadership, and supply chains.

Sector-Wide Improvements and Lessons from Wirral

In addition to national policy changes, individual trusts are investing in cyber protection. For example, Barts Health NHS Trust has deployed Cynerio’s specialist platform to improve security visibility across connected medical devices.

The Wirral attack demonstrates the urgent need for:

  • Real-time threat monitoring and detection

  • Effective business continuity and offline workflows

  • Staff training on cyber incident response

  • Robust backup and recovery systems

Cyber Resilience in Healthcare Must Be a Priority

Healthcare organisations like Wirral rely heavily on digital infrastructure to provide safe and timely care. That same reliance makes them high-value targets for cybercriminals.

The cyber attack on Wirral University Teaching Hospital shows just how damaging a breach can be—not only to clinical workflows, but to public trust. Moving forward, NHS trusts must continue prioritising cyber resilience, investing in both technology and strategy to protect patients and maintain critical operations.

For now, the focus remains on supporting Wirral’s recovery and ensuring that lessons from this incident inform stronger defences across the sector.

🔗 Want a deeper look at how to secure NHS trusts against ransomware? Read our full Synnovis case study →