Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom’s National Health Service (NHS).
Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said.
Full service recovery may take a month
The ransomware attack started to disrupt Advanced systems on Thursday, August 4 and was identified around 7 AM. It caused a major outage to NHS emergency services across the U.K.
Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected.
The company is working with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the affected systems back online securely and with added defenses:
- Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
- Scanning all impacted systems and ensuring they are fully patched
- Resetting credentials
- Deploying additional endpoint detection and response agents
- Conducting 24/7 monitoring
After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.
“For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days” – Advanced
For customers of other Advanced solutions, reconnecting to the environments is expected to take at least three to four weeks.
The company’s software solutions are used by at least several hundred customers in both the public and private sectors.
In an update, Advanced said that customer groups from the following products have been impacted:
- Adastra – Clinical Patient Management Software
- Caresys – Care Home Management Software
- Odyssey – Clinical Decision Support
- Carenotes – Electronic Patient Record Software
- Crosscare – Private Clinical Management
- Staffplan – Care Management Software
- eFinancials: Public Sector Financial Management
An investigation is ongoing, still in an early stage. Advanced has yet to determine how the hackers gained access to the network and if data was stolen.
The company promised to share with its customers the indicators of compromise (IoCs) from this attack when the information becomes available.
Source: https://cyber-reports.com/wp-admin/post.php?post=30487&action=edit