NHS 111 system hit by cyber attack
Days of disruption predicted as staff are forced to resort to pens and paper
THE security services last night began an investigation into a cyber attack on the NHS 111 system that has left patients struggling to get urgent appointments and ambulance call-outs.
NHS 111 staff have been forced to use pens and paper after a crucial system was shut down by hackers feared to be linked to a hostile state.
The public have been told to expect delays when calling the non-emergency line as NHS sources said the disruption could drive patients to overstretched A&E departments over the weekend. Officials believe normal service will not resume until Tuesday at the earliest.
Hackers targeted Advanced, a firm that supplies software to 85 per cent of NHS 111 services. The firm’s Adastra system allows call handlers to dispatch ambulances, book out-of-hours urgent appointments, and fulfil emergency prescriptions.
Care homes that use the firm’s Caresys software have also been affected, along with mental health services across the NHS that use its record management system.
An NHS source said: “At the moment, call handling and response times are holding up, but there is a concern that that situation may change over the weekend and that we could see a deterioration. Cases in need of an ambulance are being prioritised.”
NHS 111 call handlers have been told to use an alternative system to dispatch ambulances, the source added.
The National Cyber Security Centre said it was working with Advanced to investigate the cause of the breakdown.
It comes after the Five Eyes intelligence alliance, consisting of Britain, Australia, Canada, New Zealand and the US, warned of the risk of state-sponsored cyber attacks co-ordinated from Moscow targeting critical organisations including the NHS, nuclear power stations and parts of the Civil Service.
There was said to be intelligence suggesting hackers within the Russian government were seeking to engage in “malicious cyber activity” in response to the “unprecedented economic sanctions” imposed on Moscow over the Ukraine war. All NHS trusts were warned in March to shore up their cyber security systems and ensure they had backups in place.
Bob Seely, a Conservative MP on the foreign affairs committee, said: “It is undoubtedly true that cyber warfare is one of the tools of modern hybrid, fullspectrum conflict. It is used by adversarial states, including Russia, and other states like China. This attack could be criminal gangs acting with the tacit support of the Russian state or it could be the Russian state itself. Considering that we are one of the major supporters of Ukraine, if it is the Russians it’s not exactly going to be unexpected.”
The attack left NHS 111 staff “working on paper” and was “negatively affecting” response times, according to a letter from NHS bosses sent to London
‘Call handling and response times are holding up, but there is a concern that that situation may change’
GPS. The letter, seen by Pulse, the magazine, said that call handlers had been left unable to book appointments for patients directly and that family doctors had been asked to “manage calls where possible”.
Direct booking for call handlers into other services was shut down and staff were told to try to make bookings by phone or email instead.
The Welsh Ambulance service said the “major outage” had affected all four UK nations and it could take longer for 111 calls to be answered over the weekend. Pharmacy sources said the attack would also affect patients calling NHS 111 for emergency out-of-hours prescriptions. Pharmacists have been told to check NHS emails for referrals and they may receive calls from NHS 111 staff directly. Health officials last night encouraged patients to continue to call 111 for non-urgent health issues.
Other systems owned by Advanced that have been affected include Caresys, software which is used by more than 1,000 care homes. A patient record management system, Carenotes, which is used by more than 40,000 clinicians predominantly in mental health services, has also been shut down.
Simon Short, chief operating officer of Advanced, said a “security issue” was identified on Thursday. “We can confirm that the incident is related to a cyber attack, and as a precaution we immediately isolated all our health and care environments,” he said.
The British software firm has more than 25,000 customers and a turnover of £330million, according to its website. It has offices in Birmingham, Kent, Atlanta, Bangalore, and Melbourne. This latest attack will raise fears that hackers could target private companies that work with the NHS.
In 2017, parts of the NHS were crippled by a cyber attack from hackers in North Korea. Hospitals, pharmacies and GP surgeries were hit, with some hospitals forced to cancel treatment and operations. In May, Russian hackers from the criminal group Killnet said they had attacked vital NHS ventilator networks after a member of their gang was arrested in the UK.
It came as the Society for Acute Medicine warned last night that the NHS was running at “unsustainable levels”, with long delays in emergency departments, staff shortages and a lack of beds. Isle of Wight NHS Trust yesterday declared a critical incident in response to “sustained pressure”.
An NHS spokesman said 111 services were available, but to call 999 in an emergency: “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible.”