Update: British NHS Confirms A Damaging Software Attack

A cyber attack has hit systems used by the UK’s National Health Service (NHS), affecting services across all four of the UK’s nations. The attack targeted the system used to refer patients for care, including ambulances being dispatched. The incident disrupted NHS 111, the helpline for medical advice, along with systems used to dispatch ambulances, make out-of-hours appointments and issue emergency prescriptions.

It is now emerging that the attack has also affected Adastra, the clinical patient management software supplied to the NHS by the healthcare software & services firm, Advanced, and this aspect of the attack is leaving many clinical services disrupted, including access to confidential patient notes. 

This incident is clearly more extensive than first thought to be and some patient information and data will not be available online for weeks

People seeking medical help via these service are being warned of delays due to a “major” computer system outage caused by the attack. It affected the phone service and referrals to out-of-hours GPs. NHS staff across the UK have been left using pens and paper after the attack and staff have been told that the loss of access to online services could continue for as long as three weeks, raising safety issues for urgent cases.  

The origins of this attack are unknown at present, however similar large scale attacks in Ireland, New Zealand, Israel and the US raise concerns over criminal intent to extort ransom to restore services, or even the malicious actions hostile nation-state hackers. 

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in loss of service," said Advanced COO Simon Short. "We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure."

Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

It’s feared disruption could drive patients to overstretched accident and emergency departments and this was the case last week when the Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 

"The ongoing outage is significant and has been far reaching, impacting each of the four nations in the UK." an NHS England spokesman said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.” 

Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyber attack."

HSToday:     ITPro:    BBC:      PulseTodayGuardian:    Independent:     Metro:     STV     LBC:     Digit:   

Infosecurity Magazine:  

You Might Also Read: 

A Hospital Hack Caused A Patient To Die:

 

« Unexplained Surge In Robotext Scams
Building a Threat-Ready Ransomware Response Plan »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

Cyber Defense Agency (CDA)

Cyber Defense Agency (CDA)

Cyber Defense Agency is a premier professional services firm specializing in cyber security, computer network defense, and information security.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

HALOCK Security Labs

HALOCK Security Labs

HALOCK is an information security consultancy providing both strategic and technical security offerings.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.