The NHS in Northern Ireland has been forced to implement “contingency measures” after one of their key IT service partners experienced a ransomware attack. The provider, Access, has had all access to NHS systems withdrawn until further notice.

How serious is the issue?

Advanced provide a number of services to the NHS across the UK. Of particular concern are their software applications used by NHS trusts to manage patient check-in, patient records, emergency prescriptions, finance, logistics and the 111 non-emergency helpline.

The ransomware infection appears to be quite serious – at least for Advanced. However, the NHS claims that their systems – and the patient data they hold – has not been compromised in any way. Removing Advanced’s system access is a purely precautionary measure to prevent further spread of the ransomware.

There have been some problems

Although NHS IT systems have not been infected, there have been some knock-on effects. The Northern Ireland Department of Health has been forced to switch providers at short notice for instance, causing some delays and confusion while the transition was completed.

Nine NHS trusts also reported significant problems once access to Advanced applications were withdrawn. Among the problems they experienced was reduced access to patient records, limiting their ability to provide treatment for certain patients. According to a leaked memo seen by The Guardian newspaper, “A number of NHS services, including NHS 111, some urgent treatment centres and some mental health providers use software that have been taken offline.” This would indicate that some patients will experience delays in receiving treatment until access is restored – or a suitable workaround can be found.
Download Panda Free Antivirus

Good news and bad news

Obviously, any delay to medical treatment is concerning and could have profound implications for affected patients. However, by taking swift action and limiting access to their network and resources, the NHS has averted a potential crisis that could have taken all of their clinical systems offline.

Healthcare providers across the world have noted a 90% increase in cyberattacks over the past year. One study suggests that the healthcare sector is now the most popular target for cybercriminals, particularly for ransomware attacks.

The extremely sensitive nature of patient data makes it extremely attractive to hackers. They believe that healthcare providers would rather pay a ransom to recover their data rather than risk their patients’ lives.

But by taking decisive action quickly, the NHS has avoided both infection and ransom. Closing the ‘door’ to Advanced ensured that patient data has been properly defended against loss, theft or exposure – and that treatment can continue, even if there is some short term disruption.

As healthcare continues to attract attention from cybercriminals we can expect to see more stories like this one in the near future. And hopefully the lessons learned by the NHS will be learned and applied by healthcare providers across the world too.