A cyberattack, first identified last Thursday, has caused a “major” computer system outage affecting companies within the NHS, including the 111 call line.
Reportedly, a number of health and care systems delivered by business software and services provider Advanced are currently experiencing major outages.
Advanced has 26 NHS clients, according to Digital Health Intelligence, and they supply services to thousands of healthcare professionals. The company’s Adastra software works with 85% of NHS 111 services, where service remains affected as a result of the attack. Adastra is used to refer patients for care, including out-of-hours appointment bookings, emergency prescriptions, and ambulance dispatching.
Neither NHS England nor Advance would initially confirm reports that a cyberattack was to blame.
However, last Friday, Advance’s Chief Operating Officer Simon Short confirmed the incident occurred as a result of a cyberattack and said that the company had taken action which contained the attack, adding that “no further issues have been detected.”
An NHS England spokeswoman said NHS 111 services are still available and that there is “currently minimal disruption”, adding that “tried and tested contingency plans are in place for local areas who use this service”.
In 2017, the NHS was hit by a large cyberattack carried out by the ransomware gang WannaCry. Javvad Malik, Lead Security Awareness Advocate at KnowBe4, notes: “The 111 outage brings back many unfortunate memories of Wannacry which crippled the NHS. While no details have been released about the root cause of the 111 service outage, all signs would seem to indicate ransomware to be the cause.”
“One needs to look at the root causes of attacks and try to address them. This could be through implementing stronger authentication, having a patch management process in place, and running a security awareness and training programme for staff so that a culture of security is created whereby security issues can be quickly detected and responded to.”
Additionally, Jamie Akhtar, CEO and co-founder of CyberSmart, warns of an increased risk of attacks elsewhere following the incident: “It’s likely that we will see more attacks of this nature in the coming months. Classified by the NCSC as a ‘Category One’ attack, this situation does not bode well for the future of UK public sector cybersecurity. Although the NCA states that only a few servers were impacted and disruption was minimal, the consequences of attacks such as these can be devastating.”
Worryingly, research by Armis on NHS Trusts indicates that “suspicious activity” – including “exploit attempts, drive-by attacks, port scans, and connections to the dark web” – has risen since this April, with 80% of Trusts experiencing a record level of suspicious activities.
Andy Norton, European Cyber Risk Officer at Armis, notes that: “Trusts’ abilities to protect themselves from these threats have remained the same since pre-April.”
“What is clear from these figures is that NHS infrastructure is being targeted more heavily than ever before, so gaining visibility and understanding of all connected assets is vital to the health of these critical services.”