Cyber Attack On NHS Software Services

Uploaded on 2022-08-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

British NHS 111 medical staff nationwide were left using pens and paper after a major cyber attack was carried out over the weekend. People seeking medical help via the service are being warned of delays due to a “major” computer system outage caused by the attack which affected the phone service and referrals to out-of-hours GPs.

The system was shut down by hackers thought to be linked to a hostile state and cyber crime experts have been drafted in to investigate.

Advanced, a firm providing digital services for NHS 111, said the attack was spotted at 07:00 on Thursday 4th August. The attack targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hour appointment bookings and emergency prescriptions.

The British National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in a loss of service. We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure." an Advanced spokesman said

Advanced suggested the issue might not be fully resolved until next week and family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

Officials believe the fallout will last until Tuesday at the earliest, with the public told there will be delays when ringing the hotline.

It’s feared disruption could drive patients to overstretched accident and emergency departments over the weekend. An NHS England spokesperson said there was currently minimal disruption, and it was monitoring the situation. "NHS 111 services are still available for patients who are unwell, but if it is an emergency please call 999," they said.  

  • The Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 
  • The Welsh Ambulance Service warned it may take longer for calls to be answered over the weekend. It said: "There is a major outage of a computer system that is used to refer patients from NHS 111 Wales to out-of-hours GP providers.
  • A Scottish Government spokesperson said it was aware of reported disruption to one of NHS Scotland's IT suppliers' systems and is "working with all health boards collaboratively on a four nations basis with the National Cyber Security Centre and the supplier to fully understand potential impact".
  • A spokesperson for Northern Ireland's Department of Health said they are working to keep disruption to a minimum. "As a precaution, to avoid risk to other critical systems and services, access to the company's services from the HSC (Health and Social Care system) has been disabled, while the incident is contained," they said.

Commenting on the attack Ross Brewer of enterprise cyber security platform AttackIQ said, ‘’This latest breach bringing the NHS 111 service to its knees is yet another example of an IT supplier being used to gain access in order to bring down critical national infrastructure...  While the specific details in this case are still developing, typically compromises of suppliers are used as an entry point to gain access to the target organisation or the service a supplier may be running on their behalf."

Regardless of the entry point, organisations should have protection and detection mechanisms to stop such intrusions developing into a catastrophic service failure, according to Brewer.

"In the case of cloud services hosted by the third party suppliers, the provider should have similar protections. To often not enough testing of people, processes and technology is taking place to validate an organisation’s cyber security readiness." he added.

An NHS spokesperson said “There is currently minimal disruption, and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.”    

 Pulse Today:     HSToday:     BBC:    Guardian:     Independent:     Metro:   STV:     LBC: 

You Might Also Read: 

Ireland’s Health Service Won't Pay Ransom:
 

« AI Driven Anomaly Detection In The Oil & Gas Industry
Taiwan's Government Websites Attacked Just Before Pelosi’s Visit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

GlassSquid

GlassSquid

glasssquid.io simplifies your cyber security job search. We want to help you find your next perfect fit opportunity by removing the confusion.

Nemko

Nemko

Nemko offers testing, inspection, and certification services worldwide, mainly concerning products and systems, but also for machinery, installations, and personnel.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

Opora

Opora

Opora is the leading cybersecurity provider of adversary behavior analytics “ABA” and preemptive security solutions.

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce has partnered with Purdue University and Carnegie Mellon University to create the Rolls-Royce Cybersecurity Technology Research Network.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.