Ransomware Attack on Advanced Disrupts NHS Services, Recovery Expected in 3-4 Weeks
Last week, IT partner Advanced was hit by ransomware, disrupting NHS 111 and emergency services. Recovery efforts, led by Advanced with support from NCSC and Microsoft, are ongoing with services expected to be restored in 3-4 weeks.
2024-01-18
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Ransomware Attack on Advanced Impacts NHS 111 Service and Emergency Operations
In recent cybersecurity news, Advanced, a key IT provider for the NHS, experienced a significant ransomware attack that disrupted essential services across the UK health sector. While the UK government downplayed the impact, calling it “minimal destruction,” the attack hindered critical operations in NHS 111, dispatch services, emergency prescriptions, ambulance services, and out-of-hours appointments. With an estimated 3-4 week recovery timeline, NHS services reliant on Advanced’s systems face continued disruptions.
This attack underscores the potential consequences of cyber threats in healthcare, affecting not only IT systems but also patient safety and continuity of care.
The Immediate Impact of the Attack
Advanced is responsible for multiple core systems within the NHS, with the NHS 111 service among its primary clients. As a result, the ransomware attack created bottlenecks across various healthcare services:
- Patient Dispatch Delays: NHS 111, which provides urgent healthcare guidance, experienced slowdowns in dispatching patients to appropriate care facilities.
- Emergency Prescriptions Affected: Prescription and medication services were also disrupted, potentially affecting timely patient care.
- Ambulance and Out-of-Hours Services Delayed: Ambulance dispatch and out-of-hours services were impacted, leading to delays and strained resources in emergency care.
Given the extensive reliance of NHS operations on Advanced’s systems, these disruptions highlight a weak link that could be exploited in similar attacks.
Advanced’s Response and Recovery Plans
In the face of this breach, Advanced coordinated with cybersecurity firms such as Dart, Mandiant, and Microsoft to investigate and remediate the attack. As of August 10, Advanced confirmed that the National Cyber Security Center (NCSC) is actively supporting the ongoing investigation. While the initial breach has been contained, restoring full system functionality for NHS services remains a multi-week effort.
Timeline for Service Restoration
According to Advanced’s latest update, the company is taking a phased approach to bring critical NHS services back online. For NHS 111 and other emergency services utilizing Advanced’s Adastra system, a gradual restoration process will begin soon. Full recovery for all NHS-related operations, however, may take another 3-4 weeks, and contingency plans are advised during this period.
Government Response and the Need for Resilient Cybersecurity in Healthcare
The UK government’s attempt to downplay the ransomware attack as “minimal destruction” stirred controversy, especially given the clear operational disruptions across NHS services. This highlights a broader issue: governments and healthcare providers need to adopt a proactive stance on cybersecurity. Maintaining system resilience is critical not only for IT departments but for healthcare professionals and the patients they serve.
Healthcare institutions must prioritize:
- Cybersecurity Awareness Training to prepare employees for potential ransomware threats, as seen in attacks on other sectors.
- Incident Response Plans to handle breaches with a rapid, coordinated response, minimizing impact on essential services.
- Threat Intelligence and Monitoring to detect vulnerabilities in third-party systems, such as Advanced’s platform, which can inadvertently affect an entire healthcare network.
Organizations can benefit from security awareness training to reinforce protective measures and prepare personnel for potential breaches. Advanced’s incident reflects the necessity for widespread cyber awareness and preparedness, given the frequent targeting of critical sectors by ransomware attackers.
The Importance of Contingency Plans
For NHS and other healthcare providers, the reliance on third-party IT systems underscores the importance of robust contingency plans. With contingency measures in place, healthcare services can mitigate service disruptions and manage patient needs even when primary systems are compromised.
The Long Road to Full Recovery
For NHS providers, Advanced’s phased approach to service restoration offers a glimmer of hope that operations will return to normal within the projected 3-4 week timeframe. However, the recovery process also serves as a reminder of the high stakes involved in healthcare cybersecurity. Ensuring the security and resilience of third-party providers, regular system updates, and constant vigilance are key to maintaining uninterrupted patient care.
Editor’s note: This blog was updated November 12, 2024
SHARE ON