Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) of the United Kingdom’s National Health Service (NHS).
Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said.
Full service recovery may take a month
The ransomware attack started to disrupt Advanced systems on Thursday, August 4, and was identified around 7 AM. It caused a major outage to NHS emergency services across the U.K.
Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected.
Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
Scanning all impacted systems and ensuring they are fully patched
Deploying additional endpoint detection and response agents
Conducting 24/7 monitoring
After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.
“For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days” – Advanced
For customers of other Advanced solutions, reconnecting to the environments is expected to take at least three to four weeks.
The company’s software solutions are used by at least several hundred customers in both the public and private sectors.
In an update, Advanced said that customer groups from the following products have been impacted:
Adastra – Clinical Patient Management Software
Caresys – Care Home Management Software
Odyssey – Clinical Decision Support
Carenotes – Electronic Patient Record Software
Crosscare – Private Clinical Management
Staffplan – Care Management Software
eFinancials – Public Sector Financial Management
An investigation is ongoing and still at an early stage. Advanced has yet to determine how the hackers gained access to the network and whether data was stolen.
The company promised to share with its customers the indicators of compromise (IoCs) from this attack when the information becomes available.