TV skull face

NHS IT supplier suffers severe ransomware attack

Advanced, the provider of digital services like patient check-in and NHS 111, has suffered a cyber attack that could take up to four weeks to resolve.

NHS 111 call handlers service have been left "working on paper" after the failure of IT systems, according to a letter from NHS England to London GPs seen by industry magazine Pulse.

The attack had wide-ranging implications, affecting the system used to dispatch ambulances, book out-of-hours appointments and issue emergency prescriptions and severely affecting response times across all four UK nations. 

The Birmingham-based firm says it first spotted the hack at 07:00 BST on 4 August and immediately took steps to contain the hackers. The Welsh Ambulance Service was one of the firsts to report a "major outage" of the system used to refer patients from 111 to out-of-hours GP providers. 

"We are rebuilding and restoring impacted systems in a separate and secure environment," said a statement published by Advanced. 

The NHS insists that disruption is minimal, but Advanced would not say if NHS data had been stolen or whether the company had engaged in negotiations with the hackers or agreed to pay a ransom. In the meantime, the public was encouraged to continue using 111 online or by phone, but was warned it could take longer for calls to be answered.

"While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact," said an NHS England spokesperson. 

Although Advanced said it is working "tirelessly" to resolve issues, the company confirmed it could take three to four more weeks to bring some systems back to full performance.

Some of the products affected include Adastra, which is used by NHS 111 service, and Caresys and Carenotes, which provide the backbone for care home services like patient notes and visitor booking. An NHS psychiatrist, who wished to remain anonymous, told the BBC the attack had left his team "making clinical decisions nearly blind". 

"If a new patient came to us, we weren't able to read their history or know very much about them," he said."We've been told to be ready for it to not be up and running for who knows how long."

The National Cyber Security Centre, which is part of GCHQ, confirmed it is working with Advanced to help it recover and stressed the importance of having defences and contingency plans for ransomware attacks, which have significantly increased in number in the past two years. 

"Ransomware is the key cyber-threat facing the UK", a spokesman stressed. 

Five years ago, the WannaCry cyber attack severely disrupted healthcare services in the UK, leaving the NHS with a near-£100m bill. Last year, the authors of the attack were found to be  North Korean hackers.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles