Update: British NHS Confirms A Damaging Software Attack

Uploaded on 2022-08-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A cyber attack has hit systems used by the UK’s National Health Service (NHS), affecting services across all four of the UK’s nations. The attack targeted the system used to refer patients for care, including ambulances being dispatched. The incident disrupted NHS 111, the helpline for medical advice, along with systems used to dispatch ambulances, make out-of-hours appointments and issue emergency prescriptions.

It is now emerging that the attack has also affected Adastra, the clinical patient management software supplied to the NHS by the healthcare software & services firm, Advanced, and this aspect of the attack is leaving many clinical services disrupted, including access to confidential patient notes. 

This incident is clearly more extensive than first thought to be and some patient information and data will not be available online for weeks

People seeking medical help via these service are being warned of delays due to a “major” computer system outage caused by the attack. It affected the phone service and referrals to out-of-hours GPs. NHS staff across the UK have been left using pens and paper after the attack and staff have been told that the loss of access to online services could continue for as long as three weeks, raising safety issues for urgent cases.  

The origins of this attack are unknown at present, however similar large scale attacks in Ireland, New Zealand, Israel and the US raise concerns over criminal intent to extort ransom to restore services, or even the malicious actions hostile nation-state hackers. 

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced. "A security issue was identified yesterday, which resulted in loss of service," said Advanced COO Simon Short. "We can confirm that the incident is related to a cyber attack and as a precaution, we immediately isolated all our health and care environments. Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure."

Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the severe technical issue. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients.

It’s feared disruption could drive patients to overstretched accident and emergency departments and this was the case last week when the Isle of Wight NHS Trust declared a critical incident in response to ‘sustained pressure’ on its A&E services. 

"The ongoing outage is significant and has been far reaching, impacting each of the four nations in the UK." an NHS England spokesman said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible, tried and tested contingency plans are in place for local areas who use this service.” 

Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyber attack."

HSToday:     ITPro:    BBC:      PulseTodayGuardian:    Independent:     Metro:     STV     LBC:     Digit:   

Infosecurity Magazine:  

You Might Also Read: 

A Hospital Hack Caused A Patient To Die:

 

« Unexplained Surge In Robotext Scams
Building a Threat-Ready Ransomware Response Plan »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

Blockaid

Blockaid

Blockaid is the onchain security platform for monitoring, detecting, and responding to onchain and offchain threats.