According to the company, customers of seven solutions from the British MSP have been impacted either directly or indirectly.
The ransomware attack first started to disrupt Advanced systems on August 4 and was identified at around 7 AM. It caused a major outage to NHS emergency services across the UK.
Advanced did not disclose which ransomware gang was behind the attack but said that it took immediate action to lower the risk and isolated the Health and Care environments where the incident was detected. The security measures it is putting into place are:
- Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
- Scanning all impacted systems and ensuring they are fully patched
- Resetting credentials
- Deploying additional endpoint detection and response agents
- Conducting 24/7 monitoring
After putting these security measures into place, Advanced said it would restore connectivity to its environments and assist customers to eventually reconnect safely and securely.
“For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days,” said Advanced.
Reconnecting to the environments for customers of other Advanced solutions is expected to take at least three to four weeks.
The company's software solutions are used by at least several hundred customers in both the public and private sectors.
In an update, Advanced said that customer groups from the following products were impacted in the attack:
- Adastra – Clinical Patient Management Software
- Caresys – Care Home Management Software
- Odyssey – Clinical Decision Support
- Carenotes – Electronic Patient Record Software
- Crosscare – Private Clinical Management
- Staffplan – Care Management Software
- eFinancials – Public Sector Financial Management
An investigation into the matter is ongoing but still in its early stages. Advanced hasn’t yet determined exactly how the hackers gained access to its network or whether data was stolen.
The company promised to share with its customers the indicators of compromise (IoCs) from this attack when that information becomes available.