British ambulances unable to access patient records system following cyberattack

A cyberattack impacting Swedish software company Ortivus has left at least two British ambulance services without access to electronic patient records.

Ortivus, which last week announced an incident impacting United Kingdom customer systems, said the attack took place on July 18.

The nature of the attack was not disclosed, and the company did not identify which customers were impacted, although it stressed patients had not been directly affected.

Two ambulance services in Britain that use Ortivus have been identified by The Register, with an insider telling the news site that staff were being forced to use pens and paper as a result.

In its statement Ortivus said : “The electronic patient records are currently unavailable and are until further notice handled using manual systems.”

Although calls to 999 are not believed to be impacted, the use of manual systems can delay the process when ambulance crews hand patients over to hospital staff.

The affected ambulance services cover the south-central and southwest parts of England, from Penzance to Oxford, and are responsible for responding to emergencies among a population of around 12.5 million.

Ortivus said that as of July 20 it was ready to re-initiate electronic patient records services, but was waiting for the system to be “approved and verified” for use by NHS England and the Ambulance Trusts.

A spokesperson for NHS England told Recorded Future News the Ortivus incident has impacted “a small number of ambulance services” and said their cybersecurity operations center was “supporting suppliers as they work to reconnect the system.”