NHS-ambulance
Image: Ian Taylor

NHS working with UK cyber authorities to assess ransomware attack on IT vendor

The United Kingdom’s National Health Service said it is working with the country’s National Cyber Security Centre to investigate a recent ransomware attack on an IT vendor.

Advanced, which provides several products to NHS hospitals and clinics, said its systems were disrupted by a ransomware attack on August 4. 

The company did not respond to requests for comment but said in a statement that it isolated all of its health and care environments where the attack was discovered. 

Advanced explained that customers using Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan and eFinancials have been affected by the ransomware attack. 

An NHS England spokesperson told The Record that the NHS has “tried and tested contingency plans in place” including defense systems protecting their own network. They are now working with the National Cyber Security Centre to “fully understand the impact.” 

“The public should continue to use NHS services as normal including NHS 111 for those who are unwell, although some people will face longer waits than usual, as ever if it is an emergency, please call 999,” the spokesperson said.

The NHS did not respond to questions about whether patient data was accessed during the attack. On an average day, more than 250,000 people attend an outpatient appointment through the NHS. It operates more than 1,229 hospitals across the U.K.

The BBC spoke with at least one doctor who said the attack crippled their administrative systems, forcing them to see patients without any access to their medical histories. 

The NHS 111 service uses Adastra while other NHS arms use Caresys and Carenotes for things like note-taking and tracking visitors. 

When the attack originally happened last week, several NHS departments faced outages according to The Guardian. Services like dispatches for ambulances, referrals for patients, appointment bookings, prescriptions and more were impacted by the ransomware attack. 

Nick Broughton, chief executive of Oxford Health NHS foundation trust, wrote a letter to staff members this week explaining the outages would last for weeks and that the attack targeted some finance systems. 

Adastra could be down for about two weeks while Carenotes will be impacted for more than three weeks, according Broughton. Advanced later said it may take a month for systems to be fully restored. 

This is not the first ransomware attack to hit the NHS. In May 2017, the hospital system was infected with WannaCry ransomware, disrupting more than 80 hospitals and costing the government an estimated $90 million. The attack led to more than 19,000 appointments being cancelled over a one-week period.

No ransomware group has come forward to claim the attack, but the Conti ransomware gang previously launched a devastating attack on the Irish healthcare system in May 2021, causing weeks of disruption at the country’s hospitals. 

Ireland refused to pay the $20 million ransom and now estimates it may end up spending $100 million recovering from the attack. Irish Minister of State Ossian Smyth said it was “possibly the most significant cybercrime attack on the Irish State.” 

The group similarly crippled dozens of hospitals in New Zealand and made a point of going after U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers, and municipalities within the last year, according to the FBI.

Healthcare organizations have been a prime target for ransomware groups and other malicious hackers in recent years.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.