Hackers are holding an IT firm that supplies NHS trusts to ransom following a cyber attack last week, according to sources. Health bosses are concerned criminals have access to confidential health records and could leak them if their demands aren’t met.
The software company Advanced, which provides patient data to dozens of trusts and most NHS 111 providers in England, was hacked last Thursday.
Call handlers across 85 per cent of the country are still without a crucial IT system and have had to resort to using pen and paper for the past week.
Agencies including the National Crime Agency and GCHQ are now investigating the data breach.
A source close to the investigation said the attackers have made ‘some demands’, according to the Health Service Journal, although it is not entirely clear what they are.
But there is a suggestion cyber criminals are looking for payments in exchange for not leaking information and removing the malware.
Hackers have issued demands to an IT firm that supplies NHS trusts after it was hacked last week, it was claimed today. Pictured: The company Advanced’s Adastra software that is used by 85 per cent of NHS 111 providers in England
NHS tells trusts to shore-up cyber security amid fears of Russian hack
NHS trusts have been told to firm up their cybersecurity amid fears of a Russian attack in retaliation to Western interference in the war in Ukraine.
Health chiefs have written to hospitals telling them to make it their ‘focus’ to keep their systems secure and make sure backups are in place.
There have been widespread concerns about the technological resilience of the NHS which only last year stopped using fax machines.
It was famously hacked in 2017 in the WannaCry attack, which brought the whole health service to a standstill for days and cost the UK £92million.
Amanda Pritchard, chief executive of NHS England, in March told a summit that cyber-security was being brought to the ‘forefront’ in the wake of the situation in Ukraine.
She added the health service was examining its supply chain resilience in the event of a Kremlin attack here or elsewhere.
Security officials fear the NHS, government and business could be prime targets for Moscow, which has one of the world’s most sophisticated cyber capabilities.
GP notes, mental health records and patients’ unique NHS numbers are thought to have been affected in the attack.
An Advanced spokesperson said: ‘With respect to potentially impacted data, our investigation is under way.
‘When we have more information about potential data access or exfiltration, we will update customers as appropriate.’
Advanced’s Adastra software, one of the systems that was attacked and is used by NHS 111, covers 40million patients, according to the company.
The criminals also hacked the company’s Carenotes EPR software, which holds mental health records.
Affected mental health trusts warned staff are currently facing a ‘pretty desperate’ situation, still unable to access vital patient records.
One mental health trust chief executive, who preferred to stay anonymous, told the HSJ: ‘It’s really difficult and the longer it goes on, the harder it gets for staff.’
Advanced said it will bring its NHS 111 and urgent care services back online ‘within the next few days’.
But it could take another month before Carenotes EPR is back online.
Advanced said: ‘We are working tirelessly to bring this timeline forward, and while we are hopeful to do so, we want our customers to be prepared.
‘We will continue to provide updates as we make progress.’
Carenotes EPR is used by at least nine mental health trusts, and dozens of other trusts use different software from the company that is still offline.
Meanwhile, affected NHS 111 call handlers currently do not have access to the GP records or NHS numbers of people ringing the non-emergency service.
They are also unable to make electronic bookings with GPs or send out ambulances for patients while the Adastra software is still offline.
An Advanced spokesperson said: ‘We want to stress that there is nothing to suggest that our customers are at risk of malware spread and believe that early intervention from our Incident Response Team contained this issue to a small number of servers.
‘Since our Health and Care systems were isolated at the end of last week, no further issues have been detected and our security monitoring continues to confirm that the incident is contained, allowing our recovery activities to move forward.’
Ransomware attacks on companies — in which gangs embed malware into IT systems and demand money for the return of stolen information — are becoming more common across industries.
The attack was initially feared to be from another country, with NHS trusts told to firm up cybersecurity in March.
Health chiefs wrote to hospitals amid fears of a Russian attack in retaliation to Western interference in the war in Ukraine.
They were told to make it their ‘focus’ to keep their systems secure and make sure backups are in place.
There have been widespread concerns about the technological resilience of the NHS which only last year stopped using fax machines.
It was famously hacked in 2017 in the WannaCry attack, which brought the whole health service to a standstill for days and cost the UK £92million.
HOW DID THE 2017 WANNACRY CYBER ATTACK CRIPPLE THE NHS?
More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack in May 2017.
Nearly 20,000 hospital appointments were cancelled because the NHS failed to provide basic security against cyber attackers.
NHS officials claimed 47 trusts were affected – but the National Audit Office (NAO) found the impact was far greater, and in fact 81 were hit by the attack.
When the attack started on May 12, it ripped through the out-of-date defences used by the NHS.
More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack last May
The virus, which spread via email, locked staff out of their computers and demanded £230 to release the files on each employee account.
Hospital staff reported seeing computers go down ‘one by one’ as the attack took hold.
Locked out medics had to rely on pen and paper, while crucial equipment such as MRI machines were also disabled by the attack.
The report reveals nearly 19,500 medical appointments were cancelled, including 139 potential cancer referrals. Five hospitals even had to divert ambulances away at the peak of the crisis.
Hospitals were found to have been running out-of-date computer systems, such as Windows XP and Windows 7, that had not been updated to secure them against such attacks. Computers at almost 600 GP surgeries were also victims.
NAO claimed the cyber attack could have easily been prevented. Officials were warned repeatedly about the WannaCry virus beforehand, with ‘critical alerts’ being sent out in March and April.
Foreign Office minister Lord Ahmad confirmed the attack was carried out by the notorious North Korean cyber espionage group Lazarus.
Computer systems in 150 countries were caught up in the incident, which saw screens freeze with a warning they would not be unlocked unless a ransom was paid.
The Department of Health said that from January 2018 hospitals will be subject to unannounced inspections of IT security.
