Cyberattack hits NHS 111, users warned of delays

The NHS has warned that recovery is likely to be ongoing this week

Image:
The NHS has warned that recovery is likely to be ongoing this week

A critical system used for ambulance dispatch and emergency prescriptions has been affected.

People seeking medical assistance via the NHS 111 service have been warned to expect delays due to a significant system outage caused by a cyberattack.

The security issue was discovered early on Thursday according to Advanced, a firm that provides digital services for NHS 111.

The issue affected a system called Adastra that is used to refer patients for care, including ambulance dispatch, scheduling after-hours appointments, and issuing emergency prescriptions. As many as 85% of NHS 111 providers and several out-of-hours services use Adastra.

The cyberattack forced 111 employees around the UK to rely on pen and paper to continue providing service.

Simon Short, Advanced's chief operating officer, confirmed on Friday that the outage was the result of a cyberattack.

After recognising the problem, Short said the firm isolated its healthcare facilities to contain the attack. Early action like this limited the issue to a few servers, representing about 2% of Advanced's health and care infrastructure - although, unfortunately, quite critical systems.

It is believed that an independent group of cybercriminals, rather than a nation state, were responsible. Little information on the attack has been made public, but ransomware is suspected.

Advanced is working with the NHS, health and care organisations, and security partners to recover all systems now.

"In the meantime those NHS impacted services will continue to operate [using contingency,]" said Short

The National Crime Agency said it was aware of a cyber incident and is collaborating with Advanced to investigate.

The Welsh Ambulance Service called the impact of the attack 'major' and 'far-reaching,' impacting all four of the UK's nations.

It added that partners across Wales were implementing a plan so services could continue to operate, but warned that phone calls could take longer to be answered.

According to industry magazine Pulse, NHS England informed family physicians in London that they may receive more patients from NHS 111 as a result of the issue.

A representative for NHS England said there had been little interruption and that the situation was being monitored.

"NHS 111 services are still available for patients who are unwell, but as ever if it is an emergency please call 999," they said.

A spokesperson for the Scottish government said it was working with all health boards, the NCSC and Advanced to fully understand the potential impact of the incident.

"Continuity plans" are in place, they added.

The cyberattack comes months after the NHS cyber alert service warned that an unknown threat group was attacking unpatched VMware Horizon servers using the Log4Shell vulnerability, to establish a presence within the affected networks.

Attackers could then steal data or deploy malicious software such as ransomware.