At 7:00am on Thursday 4th August 2022 a cyber-attack was spotted within one of the systems which powers the UK National Health Service (NHS) 111 service [BBC News, The Stack].
The NHS 111 service is a first-line of urgent health support to those in England, Wales, Scotland and Northern Ireland. It provides guidance, and is a focal point for additional assistance within the public health service.
The cyber attack is said to only be affecting the digital services being provided by the service provider, Advanced. Advanced have been a partner of the NHS for over 20 years, and are very much a trusted name in the NHS procurement list.
The cyber attack affected key services, and several trusts have warned doctors and patients that disruption to normal operations could follow.
It has been reported that two of Advanced systems were taken down by the attack. They are known as Adastra and Carenotes. Advanced Adastra is a Clinical Patient Management system, which, amongst other things, enables medical record access to 111 professionals. Advanced Carenotes is electronic patient record software, which is specifically tailored toward creating streamlined workflows for the needs of mental health professionals within the NHS.
Managed Service Providers (MSPs) such as Advanced, are a target for cyber criminals - especially if those MSPs are providing to Critical National Infrastructure. A cyber attack to these service providers is often labelled as “downstream,” as they are providers of services which are essential to the operations further along the supply chain. In fact, MSPs have become so essential to the operation of some organisations that a recent consultation on NIS Regulations in the UK have suggested that MSPs in the supply chain could become regulated to the same scrutiny as other Operators of Essential Services (OESs). The gov.uk website has more information on the results of the NIS consultation.
Awen Collective can help organisations within Critical National Infrastructure, as well as Managed Service Providers in the supply chain. We understand the problem deeply, and with software solutions, such as our Profile system, we enable efficient cyber security improvement over time. Our Dot system is also effective to improve the cyber security of physical operations, through the discovery of devices and cyber vulnerabilities, and works with Operational Technologies (OT) including Building Management Systems (BMS including HVAC), IIoT, and Industrial Control Systems & SCADA. Contact us today for a no-obligation friendly chat.