Last week, Advanced, a key NHS IT partner, was hit by a ransomware attack. The IT company has said that it could take three to four weeks for systems to resume normal service.
Advanced runs several key systems within the health service. One of its most important clients is the NHS 111 service.
The UK Government tried to downplay the seriousness of the incident last week by claiming “minimal disruption.” However, reports suggested that it disrupted patient referrals, emergency prescriptions, ambulance dispatches, and out-of-hours appointment bookings.
Advanced published an update on 10th August, which said that they were working with Microsoft DART, Mandiant, and the National Cyber Security Centre (NCSC) to investigate and remediate, with no further incidents detected and the original breach contained.
The statement said: “With respect to the NHS, we are working with them and the NCSC to validate the additional steps we have taken, at which point the NHS will begin to bring its services back online. For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days.”
“For other NHS customers and care organisations our current view is that it will be necessary to maintain existing contingency plans for at least three to four more weeks. We are working tirelessly to bring this timeline forward, and while we are hopeful to do so, we want our customers to be prepared. We will continue to provide updates as we make progress.”
Advanced also disclosed that other services are impacted by the attack, including its care home management software (Caresys) and patient record software (Carenotes).
No ransomware group has publicly claimed responsibility for the attack. It is also not yet known whether or not data was stolen.
Before bringing its systems back online, Advanced said they were implementing extra blocking rules, scanning all impacted systems and ensuring they are fully patched, conducting 24/7 monitoring, resetting credentials, and deploying additional endpoint detection and response agents.