Update: British NHS Confirms A Damaging Software Attack

A cyber attack has hit systems used by the UK’s National Health Service (NHS), affecting services across all four of the UK’s nations. The attack targeted the system used to refer patients for care, including ambulances being dispatched. The incident disrupted NHS 111, the helpline for medical advice, along with systems used to dispatch ambulances, make out-of-hours appointments and issue emergency prescriptions.

It is now emerging that the attack has also affected Adastra, the clinical patient management software supplied to the NHS by the healthcare software & services firm, Advanced, and this aspect of the attack is leaving many clinical services disrupted, including access to confidential patient notes. 

This incident is clearly more extensive than first thought to be and some patient information and data will not be available online for weeks

People seeking medical help via these service are being warned of delays due to a “major” computer system outage caused by the attack. It affected the phone service and referrals to out-of-hours GPs. NHS staff across the UK have been left using pens and paper after the attack and staff have been told that the loss of access to online services could continue for as long as three weeks, raising safety issues for urgent cases.  

The origins of this attack are unknown at present, however similar large scale attacks in Ireland, New Zealand, Israel and the US raise concerns over criminal intent to extort ransom to restore services, or even the malicious actions hostile nation-state hackers. 

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in loss of service," said Advanced COO Simon Short. "We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure."

Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

It’s feared disruption could drive patients to overstretched accident and emergency departments and this was the case last week when the Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 

"The ongoing outage is significant and has been far reaching, impacting each of the four nations in the UK." an NHS England spokesman said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.” 

Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyber attack."

HSToday:     ITPro:    BBC:      PulseTodayGuardian:    Independent:     Metro:     STV     LBC:     Digit:   

Infosecurity Magazine:  

You Might Also Read: 

A Hospital Hack Caused A Patient To Die:

 

« Unexplained Surge In Robotext Scams
Building a Threat-Ready Ransomware Response Plan »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.