Update: British NHS Confirms A Damaging Software Attack

A cyber attack has hit systems used by the UK’s National Health Service (NHS), affecting services across all four of the UK’s nations. The attack targeted the system used to refer patients for care, including ambulances being dispatched. The incident disrupted NHS 111, the helpline for medical advice, along with systems used to dispatch ambulances, make out-of-hours appointments and issue emergency prescriptions.

It is now emerging that the attack has also affected Adastra, the clinical patient management software supplied to the NHS by the healthcare software & services firm, Advanced, and this aspect of the attack is leaving many clinical services disrupted, including access to confidential patient notes. 

This incident is clearly more extensive than first thought to be and some patient information and data will not be available online for weeks

People seeking medical help via these service are being warned of delays due to a “major” computer system outage caused by the attack. It affected the phone service and referrals to out-of-hours GPs. NHS staff across the UK have been left using pens and paper after the attack and staff have been told that the loss of access to online services could continue for as long as three weeks, raising safety issues for urgent cases.  

The origins of this attack are unknown at present, however similar large scale attacks in Ireland, New Zealand, Israel and the US raise concerns over criminal intent to extort ransom to restore services, or even the malicious actions hostile nation-state hackers. 

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in loss of service," said Advanced COO Simon Short. "We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure."

Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

It’s feared disruption could drive patients to overstretched accident and emergency departments and this was the case last week when the Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 

"The ongoing outage is significant and has been far reaching, impacting each of the four nations in the UK." an NHS England spokesman said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.” 

Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyber attack."

HSToday:     ITPro:    BBC:      PulseTodayGuardian:    Independent:     Metro:     STV     LBC:     Digit:   

Infosecurity Magazine:  

You Might Also Read: 

A Hospital Hack Caused A Patient To Die:

 

« Unexplained Surge In Robotext Scams
Building a Threat-Ready Ransomware Response Plan »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

ECOS Technology

ECOS Technology

ECOS Technology specializes in the development and sale of IT solutions for high-security remote access as well as the management of certificates and smart cards.

Governikus

Governikus

Governikus provides solutions for secure data transport, authentication, the use of electronic signatures and cryptography as well as for long-term storage.

CyberForce Program - US Department of Energy

CyberForce Program - US Department of Energy

The Department of Energy’s (DOE) CyberForce Program is a workforce development program that seeks to inspire and develop the next generation of cyber defenders for the energy sector.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Iron EagleX

Iron EagleX

Iron EagleX deliver engineering solutions in cloud computing, big data, cyber, and machine learning technologies to US Government customers.

Digital WarRoom

Digital WarRoom

Digital WarRoom is an eDiscovery company offering cloud-based and on-premise eDiscovery solutions. Request a demo.