A cyberattack that hit a major IT supplier to the NHS and severely impacted service 111 involved ransomware and could take up to four weeks to fix, it has emerged.
Advanced, which supplies critical systems to the NHS, said it suffered a cyber breach around 7am on August 4, which is now under control.
The attack had wide-ranging effectsaffects the system used to dispatch ambulances, make after-hours appointments, and issue emergency prescriptions.
Call handlers for the NHS 111 service have been left “working on paper” with the cyber attack “negatively affecting” response times, according to a letter from NHS England to GPs in London published by the industry magazine Pulse.
The Welsh Ambulance Service reported a “major breakdown” of the system used to transfer patients from 111 to out-of-hours GP providers, saying the problem was affecting all four country in the United Kingdom.
The public is encouraged to use 111 online or by phone, but is warned that it may take longer to answer calls.
It comes five years later WannaCry cyber attack severely disrupts serviceresulting in thousands of canceled appointments and leaving the NHS with a bill of nearly £100 million.
That attack is blame North Korea but it is not known who is behind the latest attack on the NHS system.
“We would like to stress that there is nothing to suggest that our customers are at risk of spreading malware and believe early intervention from our Incident Response Team has resolved this issue for a small number of servers,” an Advanced spokesperson said.
The company said it is working with the NHS and the National Cyber Security Center to validate the steps it has taken before the NHS can start bringing services back online.
Advanced said it was working “tirelessly” to resolve the issues but confirmed that it could take another three to four weeks to bring some systems back to full performance.
“As you can imagine, we are in the early stages of our investigation into this incident and are working alongside our third-party forensic partners to gather more details.
“While we have yet to confirm the root cause – and this may take time – rest assured that we will update you as we learn more.”
What is Ransomware?
Ransomware – or ransomware – is malicious software that locks users out of their systems and demands a ransom payment to log back in.
This malware dates back to the late 1980s and has been the subject of several well-known incidents in recent years.
Today, ransomware authors dictate that payments must be sent via cryptocurrency or credit cards, and attackers target individuals, businesses, and organizations of all kinds.
The target could be individual users or – as was the case this time – larger organizations trusted by millions.
So how does ransomware lock up people’s systems?
A hacker or threat actor first needs to gain access to a device or network.
Having this access means they can use malware to encrypt your device and data so they can’t be accessed.
Once done, the user will see a message asking for payment to restore access to their files or system.