Two National Health Service (NHS) hospitals in the UK disclosed cyberattacks last week, and at least one of the attacks was conducted by a ransomware group.

Alder Hey Children’s Hospital said it was investigating claims that its systems may have been breached and that patient records and other information was stolen.

“We are aware that data has been published online and shared via social media that purports to have been obtained illegally from systems shared by Alder Hey and Liverpool Heart and Chest Hospital NHS Foundation Trust. We are working with partners to verify the data that has been published and to understand the potential impact,” the hospital said.

The statement was published just as the ransomware group named Inc Ransom added Alder Hey to its Tor-based leak site, claiming the theft of patient records, donor reports, and other information. The data, the gang claims, is dated 2018 – 2024.

In its statement, the hospital said it was working on securing its systems, but noted that the incident had no impact on the availability of its services.

“This incident is not linked to the ongoing incident at Wirral University Teaching Hospitals,” Alder Hey said.

Wirral University Teaching Hospital announced last week it was scrambling to respond to a cyberattack that forced it to shut down its systems and revert to pen and paper.

“After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread. This resulted in some IT systems being offline. We have reverted to our business continuity processes and are using paper rather than digital in the areas affected,” the hospital announced.

Wirral said that while its services were still available during the incident, some planned services had been disrupted, including scheduled appointments, and some procedures were postponed.

“The Trust continues to prioritize emergency treatment but there are likely to be longer than usual waiting times for unplanned treatment in our Emergency Department and assessment areas,” the hospital said.

While Wirral University Hospital did not say what type of cyberattack it fell victim to, ransomware might have been involved, as shutting down systems is the usual response to such an attack. SecurityWeek has not seen any known ransomware group claiming responsibility for the incident.

Related: Microlise Confirms Data Breach as Ransomware Group Steps Forward

Related: State Workers to Be Paid on Time Despite Ransomware Attack

Related: Bipartisan Legislation Seeks Stronger Healthcare Cybersecurity

Related: Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford