On 25 November 2024, Wirral University Teaching Hospital NHS Foundation Trust declared a “major incident” due to a significant cyber security breach. The incident has caused widespread disruption, with all outpatient appointments cancelled and services at Arrowe Park Hospital significantly affected.
In a statement, the Trust emphasised that its business continuity measures are in place and reassured the public that patient safety remains its top priority. However, they urged the public to avoid the Emergency Department unless absolutely necessary, suggesting alternative healthcare options like NHS 111, GPs, or urgent treatment centres for non-critical concerns.
A staff member told the Liverpool Echo:
“Everything is down. Everything is done electronically so there’s no access to records, results or anything, so we are having to do everything manually, which is really difficult. The damage is huge.”
The digital systems integral to hospital operations, such as patient records and diagnostic tools, have been rendered inaccessible, forcing staff to revert to manual processes. This has created significant challenges in delivering care efficiently.
This incident is part of a troubling trend of cyber attacks targeting NHS services. In June 2024, a ransomware attack on Synnovis disrupted pathology services, delaying over 10,000 outpatient appointments and nearly 2,000 elective procedures across multiple trusts. Earlier in March, NHS Dumfries and Galloway suffered a cyber attack that resulted in sensitive patient data being leaked on the dark web.
Despite these high-profile breaches, NHS England’s Executive Director of National Cyber Security Operations, Mike Fell, recently stated that the number of cyber attacks against the NHS is stabilising or even declining.
The UK government is actively working to bolster cyber defences for critical public services. The upcoming Cyber Security and Resilience Bill, set to be introduced in 2025, is designed to address vulnerabilities and prevent attacks like those recently experienced by the NHS.
Additionally, NHS England and the National Data Guardian introduced an updated cyber resilience framework in September 2024, aligning health and social care organisations with national cyber resilience standards. These measures are part of the government’s broader Cyber Security Strategy for Health and Social Care: 2023 to 2030.
On the frontline, trusts are taking proactive steps to safeguard their systems. For example, Barts Health NHS Trust has implemented Cynerio’s specialised healthcare cyber security platform to enhance its digital defences.
The increasing frequency of cyber attacks on healthcare systems underscores the critical need for robust cyber security measures. Hospitals rely heavily on digital infrastructure to deliver timely and effective care, making them prime targets for cyber criminals.
Incidents like the one at Wirral University Teaching Hospital highlight the widespread consequences of such breaches—not only for operational efficiency but also for patient safety. The NHS must remain vigilant and continue investing in advanced cyber security technologies to safeguard its vital services.
For now, the priority remains addressing the immediate crisis at Wirral, ensuring the safety and care of its patients while learning valuable lessons to prevent future attacks.
Contact Periculo for expert cyber security solutions tailored to the digital health industry.