Major NHS Supplier Hit By Ransomware Attack

Click The Arrow For The Table Of Contents
Red warning triangle on a screen

Advanced, an IT supplier to the NHS, has been hit by a ransomware attack that could take a month to recover from. 

What Happened?

Birmingham-based ‘Advance’ provides digital services to the NHS, such as patient check-in and NHS 111. The company’s Adastra software works with 85 per cent of NHS 111 services. 

Advanced reported spotting a hack at 07:00 BST on 4 August, followed by a number of outages, before confirming in a statement on 5 August that the incident was linked to a cyber-attack. 


Advanced described the outages as the result of “a cybersecurity incident” caused by ransomware which caused “an issue on infrastructure hosting products used by our Health & Care customers. Those products identified as being affected are Adastra, Caresys, Care notes, Cross Care and Staff Plan.”  These services are: 

Adastra – clinical patient management software with records relating to 40 million patients. 

Caresys – care home management software used by over 1,000 care organisations. 

Care notes – electronic patient record software used by over 40,000 clinicians. 

Crosscare – a clinical management system for hospices and private practice used by 70 adult and children’s hospices across the UK. 

Staff plan – care management software used by over 1,000 care organisations. 

Financially Motivated

Advanced has reported in its FAQs about the incident that, based on the intelligence it had received, the “threat actor” who carried out the ransomware was “purely financially motivated” rather than being a state-sponsored attacker, for example. 

Services Offline

The ransomware attack, which Advanced says contained “a small number of servers”, meant that affected services had to be taken offline. Therefore, customers could not access their systems and had to rely upon contingency measures. An NHS England spokesperson has reported that “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place, including robust defences to protect our networks, as we work with the National Cyber Security Centre to understand the impact fully.” 

Working With Other Agencies 

Advanced has said that it is working with forensic partners, including Mandiant and the Microsoft DART teams, to conduct an investigation. In addition, it is in contact with the NHS, NCSC, and other governmental entities and has contacted the ICO. 

3 to 4 Weeks

Advanced reports that for NHS 111 and other urgent care customers using Adastra and NHS Trusts using financials, services would be back online in a few days, but for its other NHS customers and Care organisations, it will be “necessary to maintain existing contingency plans for at least three to four more weeks”. 

Fears For Data Security

It is unclear from reports whether any ransom has been paid, with Advanced simply saying, “our investigation is underway.” However, bearing in mind the vast numbers of patient records and the sensitivity of that data, there are now severe fears about whether data has been stolen and the consequences. 

Health Organisations A Target

Health services around the world are often targets of cyber-attacks. A Kroll study has reported that the number of health organisations (globally) targeted by cyber-attacks rose by 90 per cent in the three months to 30 June compared with the first quarter of 2022. Examples of health services being targeted include: 

– In 2017, North Korean attackers hit the NHS with ransomware, severely disrupting over 80 hospital trusts and 8 percent of GP practices, costing the NHS an estimated £92m through services lost during the attack and IT costs in the aftermath. 

– In October 2020, a ransomware attack hit the Philadelphia company research technology (which made software used to try and develop COVID-19 vaccines and treatments). Employees were locked out of systems, and the attack had a knock-on effect felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19. 

– Emsisoft’s Brett Callow has reported that, in 2020 and 2021 in the US, at least 168 ransomware attacks affected 1,763 clinics, hospitals and health care organisations. 

What Does This Mean For Your Business?

It may be the case that health services are often targeted because there are many different suppliers, plus services are vital, so there may be a better chance of extracting a ransom. Also, there is a lot of potentially valuable data to steal, and health services often play catch-up with cybersecurity. 

Ransomware attacks tend to be initiated using phishing emails, so all staff must be aware of the dangers of clicking on suspicious links. This story also highlights the importance of making sure that data is regularly and securely backed up (to a secure cloud-based service) and that disaster recovery and business continuity plans have procedures for ransomware attacks built-in to them. Finally, businesses should note that paying the ransom is a high-risk option and offers no guarantee that any files will be unlocked/returned. 

Other precautions that businesses can take to guard against these ransomware attacks include keeping antivirus software and Operating Systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, using detection and recovery software, e.g. Microsoft 365 protection and Windows Security.