NHS 111 Cyber Attack Blog

NHS 111 cyber-attack and the long-term impact on urgent healthcare services.

The NHS 111 service recently suffered a cyber-attack, which caused issues with providing urgent healthcare and medical advice to people in need. The service provides medical advice to people in need of medical attention and provides them with the right pathway to the service they need to treat their ailments, even organising transportation to hospital if deemed an emergency.

Criminals target healthcare frequently and are successful in exposing vulnerabilities and weaknesses within healthcare systems and the NHS are highly targeted and have suffered breaches in the past.

The cyber-attack affected the management software that the NHS use for this service supplied by Advanced. The company identified the incident on 4th August. Whilst the system is used by 85% of NHS 111 providers throughout the United Kingdom, the company said that the issue had been confined to only 2% of its health and care infrastructure.

However, Advanced have detailed on their website the each of the services they are working to put right, and these include:

Clinical Patient Management
Emergency care settings and dispatching of ambulances to take patients to hospital

Care Home Management Software
Providing residential care home provides a system to reduce paper-based care plans and mobile support to care workers.

Clinical Decision Support
Helps ensure patients with urgent and primary health problems receive fast, accurate, safe assessment and advice.

Electronic patient record software
Community and mental healthcare services for them to plan, manage, record, and analyse care across a range of settings.

Clinical management for hospices and private practice
Provides hospice administration for inpatient and outpatient referrals.

Care management software
Help for domiciliary carers with efficient working practices and improve scheduling.

With press headlines warning of NHS 111 delays after cyber-attack, this is what some of the regions said about the issue.

  • The Welsh Ambulance service warned that 111 calls may take longer to answer.
  • NHS England warned that GPs could see an increase in the number of patients they see due to the 111 disruptions.
  • The Scottish Government has said it is working with the National Cyber Security Centre, to gauge the impact of the attack, but admitted there would be a level of disruption.

What is the effect on operational continuity?

Several NHS services including NHS 111 have had to be shut down and some are yet to be returned to full working order.

As a response to the breach Advanced are running blocking rules, restricting privileged accounts for Advanced staff, scanning all impacted systems to ensure they have been patched and resetting credentials.

All of which takes time and will cause a significant cost at a time when the NHS are already stretched.

Despite all these processes being implemented – in some cases, the systems will not be back to being fully operational for another 3-4 weeks.

The NHS is target for cyber-attacks

Cyber criminals target highly valuable data, and personal health information, of which medical data is a prime example.

The NHS is vast and the ability to quickly share patients’ data is key to ensuring the patient gets the best medical care for their ailment at the time.

With some of the IT systems being compromised, the process of sharing that data becomes so much more complicated.

Who does it affect?

Unfortunately, you are more likely to need to contact the NHS 111 service in your hour of need – when you urgently need quick medical advice. If the NHS cannot do their job, passing relevant information on to other areas of the NHS to ensure the best care is given with the right information about the patient, then it seriously affects the heath care they can provide to that individual, and may end up causing more harm by not providing the right medication to treat the patient.

Furthermore, if care workers resort to pen and paper or other means to report on patients’ information, this can then lead to further data breaches, notes left lying around, visible to all, for example.

It affects anyone who urgently needs care, but also affects the NHS workers ability to be able to do their job properly. Without access to key systems, there is a chance of further breaches, and the relevant information not reaching the clinician in time to treat them effectively.

The NHS service has said that contingency plans will remain in place for several weeks, whilst Advance seek to restore systems back to their capability before the attack.

What’s next?

The National Cyber Security Centre (NCSC) are currently investigating the cyber-attack with concerns that patient data has been stolen. The Information Commissioners Office (ICO) are watching proceedings closely.

Was it a Ransomware Attack?

It is thought that the cyber-attack was a ransomware attack, where criminals access your system and prevent access to your system until you pay a fee.

However, understanding the exact nature of the cyber-attack, how the system was compromised and whether patient data was stolen or not, is likely to take a while to unearth. The key thing to understand is that cyber criminals will continue to target highly valuable systems and data such as the NHS, so it is important to ensure that access to all your systems, processes and files can only be accessed with the strongest phishing resistant authentication such as PKI or FIDO, and all systems are backed up regularly, so if you were to suffer a Ransomware attack, you could revert to the most recent backup.

Although you really want to have a system in place to avoid such penetration by cybercriminals in the first place.

MyID credential management for secure healthcare employee identity

MyID credential management system provides healthcare providers in the UK, Europe, and the US with a cryptographically protected digital identities across large numbers of employees using PKI or FIDO for the most secure method of multi-factor authentication and reduces the threat of data breach by removing weak user credentials. Ensuring that those employees accessing secure networks, systems and data are who they claim to be, whilst providing easy access for healthcare professionals to access the information and technology they need for their role.

Contact us today for a demo

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.