Fears over patient data after ransomware attack on NHS software provider
Patient data could have been stolen in a cyberattack on an NHS software provider, experts have warned, as an internal memo reveals the incident severely disrupted the functioning of several key health services.
Areas of the health service affected include the 111 telephone advice service, medical practices and some specialist mental health trusts.
The National Cyber Security Centre (NCSC) and other government agencies are trying to uncover the extent of the damage caused by the incursion, fearing sensitive medical information was taken in the process.
Advanced, which provides services for NHS 111 and patient records, confirmed on Wednesday night that it had been hit by ransomware in last week’s attack.
The British company said it was investigating “potentially impacted data” and that it would provide updates when it has more information on “potential data access or exfiltration”.
The NCSC, which is part of GCHQ, said it was “working with the business to fully understand the impact, while supporting the NHS”. The attack affected 111 services across the UK.
The Information Commissioner’s Office, the data watchdog, confirmed it was aware of the incident, which happened on Thursday August 4, and was “investigating”.
A leaked internal NHS England document, seen by the Guardian, revealed that “a number of NHS services, including NHS 111, some emergency treatment centers and some mental health providers use software which has been taken offline”.
“This represents a significant challenge for these services,” it added.
The document also warns that resolving computer problems created by the hack “may take some time”. Even after Advanced offers a supposed fix, it will take “potentially 10-12 days” for things to get back to normal.
This is due to the need to “undertake their own insurance, configure their systems and resolve any issues that may have been created by the outage”. NHS Digital will also have to approve Advanced’s plan as “safe”, it adds.
The memo adds that 111 has a litany of problems after the attack, including:
The service takes longer to respond to calls.
Managers cannot make an appointment with a GP, either in a family practice or in an access centre.
Being unable to book patient slots at a pharmacy to pick up medication, or with a dental provider.
GP services could receive more patients than usual due to problems resulting from the cyberattack, the document adds, with family doctors urged to self-manage patients they would normally tell to call the advice service.
Additionally, for GP center staff, “access to patient NHS numbers will not be available for the duration of this incident” as electronic patient records are not available.
However, “NHS numbers can be found retrospectively” and “GP Access Centers should accept referrals from patients without an NHS number”.
The NHS Confederation has said NHS staff, especially GPs, will face a massive task of entering paper notes and checking patients once the disruption is over.
The NHS England internal memo says there is “currently no evidence to suggest that patient data has been compromised”. However, it is understood that patient data security is still under investigation.
Information security consultant Alexi Drew said the Information Commissioner’s involvement indicated serious concerns about whether patient data had been taken.
“If the ICO is involved, it must believe there is a credible risk that personal data has been stolen,” she said.
The Health Service Journal reported on Wednesday that a “system outage” of the Carenotes electronic patient record – an Advanced product – has affected at least nine NHS mental health trusts. Advanced software is used in 36 acute trusts or mental health trusts in England, according to Digital Health Intelligence.
The attack also affected the Advanced Adastra system, which helps 111 administrators dispatch ambulances and is a patient management system for emergency care.
A spokesperson for NHS England said: “While Advanced has confirmed that the incident affecting its software is ransomware, the NHS has proven contingency plans in place, including robust defenses to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.
“The public should continue to use NHS services as normal, including NHS 111 for those who are not feeling well, although some people will face longer than usual waits. As always, if it is an emergency, please call 999.”
Alan Woodward, professor of cybersecurity at the University of Surrey, said all patient data on affected Advanced systems would be at risk.
He said: “Even if it was ransomware… that doesn’t mean the data wasn’t stolen. Ransomware has evolved not only to encrypt data on users’ devices, but also to steal the data (the real valuable item) and demand a ransom for its safe return/destruction.”
Advanced said it believes it has “contained” the incident, but some services may take weeks to recover.
“As far as the NHS is concerned,” it said. “We are working with them and the NCSC to validate the additional steps we have taken, at which point the NHS will begin to bring its services back online.
“For NHS 111 and other urgent care customers, we expect this step-by-step process to begin in the coming days.
“For other NHS customers, our current view is that it will be necessary to maintain existing contingency plans for at least another three to four weeks.”