UK NHS Service May Take a Month to Recover After MSP Ransomware Attack

Colin Thierry

Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom’s National Health Service (NHS).

According to the company, customers of seven solutions from the British MSP have been impacted either directly or indirectly.

The ransomware attack first started to disrupt Advanced systems on August 4 and was identified at around 7 AM. It caused a major outage to NHS emergency services across the UK.

Advanced did not disclose which ransomware gang was behind the attack but said that it took immediate action to lower the risk and isolated Health and Care environments where the incident was detected.

The company started to work with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the impacted systems back online securely and with added defenses, including:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
  • Scanning all impacted systems and ensuring they are fully patched
  • Resetting credentials
  • Deploying additional endpoint detection and response agents
  • Conducting 24/7 monitoring

After putting these security measures into place, Advanced said it would restore connectivity to its environments and assist customers to eventually reconnect safely and securely.

“For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days,” said Advanced.

Reconnecting to the environments for customers of other Advanced solutions is expected to take at least three to four weeks.

The company's software solutions are used by at least several hundred customers in both the public and private sectors.

In an update, Advanced said that customer groups from the following products were impacted in the attack:

  1. Adastra – Clinical Patient Management Software
  2. Caresys – Care Home Management Software
  3. Odyssey – Clinical Decision Support
  4. Carenotes – Electronic Patient Record Software
  5. Crosscare – Private Clinical Management
  6. Staffplan – Care Management Software
  7. eFinancials – Public Sector Financial Management

An investigation into the matter is ongoing but is still in the early stages. Advanced hasn’t yet determined exactly how the hackers gained access to its network or whether data was stolen.

The company promised to share with its customers the indicators of compromise (IoCs) from this attack when that information becomes available.

About the Author
Colin Thierry
Cybersecurity researcher and journalist

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.