NHS cyberattack impacts essential 111 service, highlights healthcare vulnerabilities
A cyberattack on NHS service provider Advanced disrupted the critical 111 healthcare line, highlighting the urgent need for robust cybersecurity measures within healthcare systems.
2024-01-17
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
The recent cyberattack that disrupted the NHS’s 111 service has raised serious concerns about cybersecurity within the healthcare sector. The attack targeted Adastra, an essential software service used to refer patients, schedule out-of-hours appointments, and dispatch ambulances. Operated by Advanced, this software supports around 85% of NHS 111 services, making its breach a significant blow to healthcare operations and accessibility.
While NHS England initially didn’t confirm a cyberattack, Advanced later verified that a cyber incident had taken place, though their quick response reportedly prevented a complete system failure. Although the disruption was reportedly minimal, this attack has exposed vulnerabilities in a critical public health service, prompting a closer examination of cybersecurity in healthcare.
Why Adastra Software Is a Prime Target for Cyberattacks
The NHS uses Adastra software across the majority of its 111 services, highlighting its integral role in patient care. By managing referrals, emergency prescriptions, and ambulance dispatch, this software is indispensable to the public health system.
Cybercriminals increasingly target such critical systems because:
- High Sensitivity of Data: Patient records and sensitive information make healthcare data highly valuable.
- Urgency of Services: A disruption in emergency healthcare services, such as 111, can have life-threatening consequences, adding pressure on healthcare providers to resolve incidents quickly, often by paying ransoms.
- Reliance on Legacy Systems: Many healthcare organizations rely on legacy systems that are more vulnerable to security breaches due to outdated software and hardware components.
Why Healthcare Needs Enhanced Cybersecurity
The NHS cyberattack on Adastra echoes the 2017 WannaCry ransomware incident, which also targeted the healthcare sector, causing severe operational disruptions. Security experts, including Javvad Malik from KnowBe4, have pointed to ransomware as the likely cause behind the recent NHS service outage. Malik stresses the need for a holistic approach to address root vulnerabilities, emphasizing multi-layered cybersecurity strategies such as:
- Stronger Authentication: Implementing multi-factor authentication (MFA) to protect critical applications.
- Patch Management Processes: Regularly updating software to protect against known vulnerabilities.
- Security Awareness Training: Educating staff to recognize suspicious activities and follow cybersecurity best practices.
These measures could help prevent future attacks by limiting attackers' ability to exploit common vulnerabilities.
1. Implement Stronger Authentication Measures
One of the most effective ways to protect healthcare systems is through multi-factor authentication (MFA). MFA requires additional credentials beyond just a password, adding a layer of security against unauthorized access. This approach can prevent attackers from easily gaining access even if a single set of login details is compromised.
For organizations with limited resources, deploying MFA for the most critical systems, like emergency response software or patient record databases, should be the first step.
2. Improve Patch Management Processes
In many healthcare organizations, patch management remains a challenge, particularly in settings with older systems or a lack of IT resources. The WannaCry attack in 2017 demonstrated how unpatched systems could lead to catastrophic breaches. Regularly updating software to fix security flaws and other vulnerabilities can greatly reduce risks.
To manage patches effectively:
- Schedule regular assessments to identify and prioritize critical updates.
- Develop a system for monitoring and applying patches in real-time.
- Consider automated patch management tools to streamline this process and reduce human error.
Implementing a strong patch management program can prevent many types of malware from taking root in healthcare systems.
3. Launch Comprehensive Security Awareness Programs
A well-rounded security awareness training program is essential for preventing human error, one of the leading causes of security breaches in healthcare. For healthcare professionals, training should include recognizing phishing emails, understanding social engineering tactics, and learning secure data handling practices.
Investing in ongoing employee education helps build a proactive security culture where staff are more vigilant and able to respond effectively to potential threats.
Explore the Security Awareness Training provided by Keepnet Labs to equip your staff with skills that can prevent similar incidents. Keepnet's Human Risk Management Platform offers tools for enhancing security culture, risk detection, and threat prevention.
What Can Other Sectors Learn from the NHS Cyberattack?
The NHS cyberattack serves as a case study for all sectors, not just healthcare. Essential learnings for industries across the board include:
- Conduct Regular Security Assessments: Understanding which systems are vulnerable allows organizations to preemptively secure their operations.
- Prioritize Data Protection: Sensitive data should be encrypted and access-controlled, with only authorized personnel able to view or manipulate it.
- Develop and Test Contingency Plans: To minimize disruption in case of an attack, organizations need well-prepared contingency plans and backup systems. The NHS's minimal disruption during this attack indicates that some level of planning had been done, but further testing and improvement are needed.
Why Cybersecurity in Healthcare is Vital for Patient Safety
The healthcare sector, as demonstrated in this latest NHS cyberattack, is a high-stakes industry where even minor disruptions can have serious consequences for patients. Cyberattacks can not only cause operational delays but can also threaten patient lives if they impact critical systems or medical devices.
How to Safeguard Patient Data in Healthcare
To protect patient data and enhance cybersecurity, healthcare organizations should:
- Encrypt Sensitive Data: Encrypting patient data ensures that it remains safe even if accessed by unauthorized users.
- Implement Access Controls: Use role-based access to limit who can view or change sensitive patient information.
- Regularly Monitor for Intrusions: Use threat intelligence tools to monitor unusual activities that could indicate a security breach.
For healthcare organizations, investing in security technologies is essential, as is fostering a culture of security awareness among staff to improve incident response times.
The Role of Government in Supporting Healthcare Cybersecurity
Governmental bodies should take an active role in supporting cybersecurity efforts across public health systems. Key actions could include providing cybersecurity guidelines, funding for healthcare IT infrastructure upgrades, and regular cyber resilience audits for public health organizations.
Security Awareness Training for Healthcare
As cyber threats become more sophisticated, healthcare organizations and other critical sectors must stay vigilant. Investing in robust cybersecurity measures not only protects data but ensures continuity of essential services.
The NHS cyberattack underscores the importance of cybersecurity in healthcare and the need for enhanced security awareness training, patch management, and data protection strategies. Adopting a multi-layered cybersecurity approach will ensure public health services can continue serving patients, even under attack.
Read our guide and learn 5 benefits of Security Awareness Training in Healthcare
Protect Your Patients, Protect Your Mission
The NHS cyberattack is a wake-up call.
If healthcare systems as critical as 111 can be disrupted, no organization is immune. The time to act is now.
With Keepnet’s Human Risk Management Platform, you can:
- Launch real-world phishing, smishing, vishing, and QR code simulations tailored for healthcare staff.
- Deliver role-based Security Awareness Training that’s adaptive, gamified, and behavior-focused.
- Reduce human risk with real-time attack detection and instant micro-learning nudges.
- Monitor risk scores by department, job role, or location to prioritize your defenses.
Don’t let human error become a gateway for ransomware.
👉 Schedule your free demo now and see how Keepnet can build a resilient cybersecurity culture across your organization.
Editor’s note: This blog was updated June 10, 2025
SHARE ON