A cyberattack that hit a major IT provider for the NHS and severely affected the 111 service involved ransomware and could take up to four weeks to fix, it has emerged.
Advanced, which supplies vital systems for the NHS, said it suffered a cyber breach around 7am on 4 August which has now been contained.
The attack had wide-ranging implications, affecting the system used to dispatch ambulances, book out-of-hours appointments and issue emergency prescriptions.
Call handlers for the NHS 111 service were left “working on paper” with the cyber attack “negatively affecting” response times, according to a letter from NHS England to London GPs seen by industry magazine Pulse.
The Welsh Ambulance Service reported a “major outage” of the system used to refer patients from 111 to out-of-hours GP providers, saying the issue was affecting all four nations in the UK.
The public were encouraged to use 111 online or by phone, but were warned it could take longer for calls to be answered.
It comes five years after the WannaCry cyberattack severely disrupted services, leading to thousands of cancelled appointments and leaving the NHS with a near-£100m bill.
That attack was blamed on North Korea but it is not known who is behind the latest attack on NHS systems.
“We want to stress that there is nothing to suggest that our customers are at risk of malware spread and believe that early intervention from our Incident Response Team contained this issue to a small number of servers,” an Advanced spokesperson said.
The company says it is working with the NHS and National Cyber Security Centre to validate the steps it has taken before the NHS can begin bringing services back online.
Advanced said it is working “tirelessly” to resolve issues but confirmed it could take three to four more weeks to bring some systems back to full performance.
“As you can imagine, we are in the early stages of our investigation into this incident and are working alongside our third-party forensic partners to gather more detail.
“While we have not yet confirmed the root cause – and this may take time – please rest assured we will keep you updated as we learn more.”
Ransom malware – or ransomware – is malware that locks users out of their system and demands a ransom payment in order to get back in.
The malware dates back to the late 1980s and has been the subject of several high profile incidents in recent years.
Nowadays ransomware authors order that payment be sent via cryptocurrency or credit card, and attackers target individuals, businesses, and organisations of all kinds.
The targets can be individual users or – as it seems is the case this time – larger organisations relied upon by millions of people.
So how does ransomware lock up people’s systems?
First the hacker or threat actor needs to gain access to a device or network.
With this access, they can use the malware to encrypt the device and its data so that neither can be accessed.
Once that’s done, the user will see a message demanding a payment in return for restoring access to their files or system.