In Liverpool, UK, cybercrime poses a real threat to organisations and residents alike. As technology rapidly advanced, the city became a target for large-scale cyberattacks. What kind of attacks? What were the consequences? Were measures taken? We explore this at liverpool-future.com.
Major Cyberattack on Liverpool’s Medical Facilities: Patient Data Compromised
The most high-profile incident of malicious activity by British hackers affecting Liverpool occurred in December 2024. Cybercriminals launched an attack on Alder Hey Children’s NHS Foundation Trust, resulting in unauthorised access to data from three hospitals simultaneously: Alder Hey Children’s Hospital, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital.

The attackers gained access to medical records, donor reports, and procurement information, and a portion of the stolen data was published online. The incident caused disruptions to hospital operations, delays in accident and emergency departments, and meant that not all patients could be admitted. However, credit is due to the medical staff – essential medical services continued to be provided.
The investigation was taken over by the UK’s National Crime Agency, Merseyside Police, and the National Cyber Security Centre. While law enforcement sought the culprits, the hospitals themselves carried out their part: informing patients about the data breach and ensuring compliance with data protection laws.
Other Incidents
Cybercrime in Liverpool also encompasses other areas, including fraud, identity theft, malware distribution, and online piracy. The city has specialised law firms and experts dedicated to defending against cybercrimes and assisting victims.
Even before these recent events, Liverpool had recorded cybercrime incidents that highlighted the vulnerability of even reputable institutions and services. Specifically, there were at least two documented ransomware attacks: on the regional transport operator Merseyrail (2021) and on St Helens Council (2023).

During one of these attacks, the hackers weren’t limited to encrypting data. They compromised the security director’s email and sent threatening letters to employees and journalists, demanding a ransom. In the second instance, several council services were paralysed, after which authorities began to cautiously discuss the suspicion of ransomware, using very careful wording. What’s also interesting is that original materials about these attacks have disappeared from official websites, such as the BBC or The Register. This could indicate attempts to mitigate the informational impact of the incidents or reduce public panic.
So, what exactly is ransomware? It’s a type of malicious software that blocks computers or encrypts files, then demands a ransom – usually in cryptocurrency. And even if you pay, there’s no guarantee that access will be restored. In both cases described, the consequences varied, but the symptom was the same: paralysed infrastructure.
Unfortunately, such situations have become commonplace for Liverpool. As it turned out, a hacker attack can start with an open letter or incorrect firmware. And although news reports barely mention it, the region is clearly in the sights of criminals who are testing how robust Liverpool’s digital defences are.
It cannot be said that the situation in Merseyside is worse than elsewhere. In reality, cybercrime in Liverpool reflects nationwide trends of increasing digital threats. However, the city is actively collaborating with government agencies to strengthen its cyber defences.
Measures Taken

Liverpool-based companies, and hospitals in particular, were quick to react. One study showed that they implemented comprehensive measures to protect against cyber threats following the aforementioned attacks that affected the city’s medical facilities. Here’s what they specifically did:
- Established specialised cybersecurity platforms. All 17 medical trusts in the region, including Liverpool’s hospitals, deployed the Cynerio platform to protect medical devices and the Internet of Things (IoT) network. This system provides continuous monitoring, cyber threat detection, and automated responses to detected threats, while also giving visibility of all connected devices.
- Enhanced technical protection. Standard cybersecurity methods now include the use of firewalls and data encryption, along with regular updates and checks of antivirus software. Furthermore, access to systems was restricted to authorised administrators only, and unused ports and devices were disabled.
- Conducted staff training. Employees were educated on how to securely manage credentials, use strong passwords and two-factor authentication, and how to act in suspicious situations.
- Introduced new types of monitoring. For example, hospitals began using real-time systems to detect viruses and malware, isolate affected network segments, and maintain logs for incident investigation.
Thus, the measures taken were indeed comprehensive and serious. This is especially true for Liverpool’s hospitals which, as it turned out, were less protected before the 2024 attack.
Cutting-Edge Technologies Liverpool is Adopting

Cybercrime has at least one rather amusing positive side. It forces the improvement of cybersecurity measures, stimulating the development of innovative technologies that will outwit criminals or at least put them in check. Some of these solutions are being developed in Liverpool. And even if they are developed in other cities, our city is still adopting them, not shying away from external solutions if they are beneficial. Here are some examples:
- Cyber threat monitoring and response systems. Hospitals use specialised platforms for monitoring networks and medical devices (e.g., protecting IoT infrastructure), which allow them to detect suspicious activity in real-time and automatically respond to potential threats.
- Data encryption. All personal and medical data is encrypted both during transmission and storage, which keeps it unreadable to unauthorised parties even if storage media are physically stolen.
- Multi-factor authentication. Multi-level user authentication has been implemented for access to information systems and medical records, which significantly reduces the risk of unauthorised entry.
- Regular software updates and antivirus protection. Systems are constantly updated to protect against new types of vulnerabilities, and modern antivirus software helps prevent infection by malicious code.
- Compliance with international standards and legal requirements is important for Liverpool. Hospitals are implementing information security policies in accordance with the recommendations of the National Health Service, the Information Commissioner, and current legislation on personal data protection.
In conclusion, Liverpool’s companies and institutions, considering the aforementioned hacker attack, quickly learned their lesson. They are enhancing cyber resilience and ensuring robust protection of sensitive data. Of course, it would have been better to prevent such things from happening in the first place. But on the other hand, it’s better to learn from your mistakes than not to learn at all. Otherwise, you might end up as the subject of a Paul Smith stand-up routine – and that would be truly unpleasant.