Update: British NHS Confirms A Damaging Software Attack

Uploaded on 2022-08-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A cyber attack has hit systems used by the UK’s National Health Service (NHS), affecting services across all four of the UK’s nations. The attack targeted the system used to refer patients for care, including ambulances being dispatched. The incident disrupted NHS 111, the helpline for medical advice, along with systems used to dispatch ambulances, make out-of-hours appointments and issue emergency prescriptions.

It is now emerging that the attack has also affected Adastra, the clinical patient management software supplied to the NHS by the healthcare software & services firm, Advanced, and this aspect of the attack is leaving many clinical services disrupted, including access to confidential patient notes. 

This incident is clearly more extensive than first thought to be and some patient information and data will not be available online for weeks

People seeking medical help via these service are being warned of delays due to a “major” computer system outage caused by the attack. It affected the phone service and referrals to out-of-hours GPs. NHS staff across the UK have been left using pens and paper after the attack and staff have been told that the loss of access to online services could continue for as long as three weeks, raising safety issues for urgent cases.  

The origins of this attack are unknown at present, however similar large scale attacks in Ireland, New Zealand, Israel and the US raise concerns over criminal intent to extort ransom to restore services, or even the malicious actions hostile nation-state hackers. 

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in loss of service," said Advanced COO Simon Short. "We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure."

Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

It’s feared disruption could drive patients to overstretched accident and emergency departments and this was the case last week when the Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 

"The ongoing outage is significant and has been far reaching, impacting each of the four nations in the UK." an NHS England spokesman said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.” 

Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyber attack."

HSToday:     ITPro:    BBC:      PulseTodayGuardian:    Independent:     Metro:     STV     LBC:     Digit:   

Infosecurity Magazine:  

You Might Also Read: 

A Hospital Hack Caused A Patient To Die:

 

« Unexplained Surge In Robotext Scams
Building a Threat-Ready Ransomware Response Plan »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

OnSystem Logic

OnSystem Logic

OnSystem Logic has developed a unique, patent-pending solution to solve the problem of the exploitation of flaws in application software as a technique for cyber attacks.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

Level39 (L39)

Level39 (L39)

Level39 is the world's most connected tech community, with over 200 tech startups and scaleups based onsite.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

US Insider Risk Management Center of Excellence (US-InRM)

US Insider Risk Management Center of Excellence (US-InRM)

The US-InRM Center of Excellence is a nonprofit organization dedicated to promoting private, public, and academic partnerships to foster knowledge sharing and resources to mitigate insider risk.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.