Kevin Poireault reports:
An infamous ransomware group has claimed to have compromised sensitive data from a children’s hospital in Liverpool, UK.
On November 28, INC Ransom posted on its data leak site that it has obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from Alder Hey Children’s NHS Foundation Trust.
[And no, this is not the same incident as the one recently reported affecting the Wirral University Teaching Hospital Trust.]
Speaking to Infosecurity, Will Thomas, SANS Instructor and CTI researcher, said that while it is still unknown if the claim by INC Ransom is legitimate, a Citrix instance from Alder Hey NHS Foundation Trust’s IT systems has stopped responding.
He noted that the cyber defenders at Alder Hey have likely taken the Citrix instance down while they investigate.
He added that INC Ransom is known to use CitrixBleed (CVE-2023-4966), a critical software vulnerability found in 2023 in Citrix NetScaler ADC and NetScaler Gateway appliances.
Read more at Infosecurity Magazine.
DataBreaches notes that when INC Ransom has encrypted a victim, they use a lock symbol in their disclosure listing for that victim. At this point, the only icon INC Ransom has posted for Alder Hey is the picture icon that they use to indicate they have posted some proof of claims.