Cyber attack on software supplier causes "major outage" across the NHS

Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line

A software supplier to the UK’s National Health Service (NHS) has reportedly been the victim of a cyber attack leaving many services disrupted.

Emergency prescription services, ambulance dispatching systems, and the non-emergency 111 line, among others, are thought to be affected.

The attack has been confirmed by software supplier Advanced. The company told IT Pro that the incident was first spotted on Thursday morning and resulted in a loss of service.

Only a small proportion of the supplier’s servers were affected, its CEO Simon Short said, and all health and care environments were isolated as a precaution.

“Early intervention from our Incident Response Team contained this issue to a small number of servers representing an extremely small percentage of our Health & Care infrastructure,” said Short. “The protection of services and data is paramount in the actions we have and are taking.

“We continue to work with the NHS and health and care bodies as well as our technology and security partners focused on recovery of all systems over the weekend and during the early part of next week. In the meantime, those NHS impacted services will continue to operate using contingency.”

Short told Sky News that the affected servers comprised only 2% of its health and care infrastructure.

Advanced told IT Pro that an update on the incident is expected later today and has not yet responded to follow-up questioning.

The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) are both involved in the investigations.

“The NCA is aware of a cyber incident affecting the company Advanced and is working with partners to better understand its impact,” it told IT Pro but declined to comment any further.

The disruption experienced across the NHS has been described differently by different arms of the organisation. A spokesperson speaking to the BBC said the disruption was “minimal”, whereas the Welsh Ambulance Service described it as a “major outage of a computer system”.

An increasing number of experts have been vocal in their beliefs that the cyber attack could be ransomware in nature. The Telegraph first reported that there were indications that ransomware was involved but no official confirmation of these beliefs has been made yet.

“While no details have been released about the root cause of the 111 service outage, all signs would seem to indicate ransomware to be the cause,” Javvad Malik, lead security awareness advocate at KnowBe4, told IT Pro.

Other experts have said that the threat actors behind the attacks are likely to be from Russia, given the UK's support for Ukraine during the ongoing war between the two eastern European countries, although the identities of the attackers have not been confirmed yet by officials.

It is currently unclear who is behind the attack or how they gained access to Advanced’s systems. An analysis of the major ransomware groups’ blogs shows none have claimed responsibility for the attack at present.

Ransomware groups have recently pivoted to a double extortion model. Victims typically have data stolen before the ransomware program infects and locks users out of their systems. 

A negotiation period is usually afforded to victims, during which time the cyber attackers will attempt to convince the victim to pay a ransom to restore access to their systems and to prevent the leakage of the data that was stolen.

If a victim refuses to pay during a given timeframe, the data is usually posted online, which presents legal, regulatory, and reputational risks to victims and their businesses.

The advice generally given to ransomware victims is never to pay the criminals. There is no guarantee they will restore access once the payment is made, and paying them directly funds crime.

Some organisations running critical services are forced to pay, however, given the operational necessity that their services continue, as in Colonial Pipeline’s incident last year.
