NHS hit by a ransomware attack on third-party software service provider.
A ransomware attack on a third-party software service provider has hit the NHS.
On 4th August, Advanced, a software service provider, was hit by a ransomware attack, causing major outages for a variety of NHS and social care services.
Those affected included the NHS 111 call centre, which uses the Advanced service to dispatch ambulances to patients, various GP practises across the country, which use an Advanced booking system, and various other departments, including care homes.
While it is still too early to determine whether any data was exfiltrated during this attack, the impact has been extensive, and while a fix is being developed, initial reports indicate that it could take up to 10-12 days before services resume normal.
This is yet another serious incident that demonstrates why the NHS and other enterprise organisations have mandatory controls in place for their supply chain.
In recent years, the NHS has mandated Cyber Essentials certification (now Cyber Essentials Plus), security awareness training, and credential security such as MFA. Despite the presence of these controls, the attack occurred, so it is unclear whether the controls were in place or not!
In any case, this attack is extremely unfortunate at a time when the NHS is attempting to clear the backlog in services caused by the pandemic, and it is yet another example of attackers looking to disrupt our lives in any way they can, with no regard for the people who suffer the most as a result, the patients who require the service.
Brigantia always recommends a layered approach to security; the more layers of complexity you stack up, the less likely an attack will succeed. Please use the button below to contact us for more information on layered security...