Hackers issue 'ransom demands' to NHS IT supplier: Fears MILLIONS of confidential patient records could be leaked after major cyber attack

  • IT firm Advanced that supplies 85% of NHS 111 providers was hacked last week 
  • Service was taken down leading call handlers to have to use pen and paper
  • Source close to investigations claims the attackers are ransoming Advanced 

Hackers are holding an IT firm that supplies NHS trusts to ransom following a cyber attack last week, according to sources.

Health bosses are concerned criminals have access to confidential health records and could leak them if their demands aren't met. 

The software company Advanced, which provides patient data to dozens of trusts and most NHS 111 providers in England, was hacked last Thursday.

Call handlers across 85 per cent of the country are still without a crucial IT system and have had to resort to using pen and paper for the past week.

Agencies including the National Crime Agency and GCHQ are now investigating the data breach.

A source close to the investigation said the attackers have made 'some demands', according to the Health Service Journal, although it is not entirely clear what they are.

But there is a suggestion cyber criminals are looking for payments in exchange for not leaking information and removing the malware.

Hackers have issued demands to an IT firm that supplies NHS trusts after it was hacked last week, it was claimed today. Pictured: The company Advanced's Adastra software that is used by 85 per cent of NHS 111 providers in England

Hackers have issued demands to an IT firm that supplies NHS trusts after it was hacked last week, it was claimed today. Pictured: The company Advanced's Adastra software that is used by 85 per cent of NHS 111 providers in England

What happened in the NHS cyber attack and who has been affected? 

Cyber criminals targeted a firm that supplies IT to NHS providers last week.

Software company Advanced, which provides patient data to dozens of trusts and 85 per cent of NHS 111 providers in England, was hacked last Thursday.

Advanced's Adastra software, one of the systems that was attacked and is used by NHS 111, covers 40million patients, according to the company. 

Affected NHS 111 call handlers currently do not have access to the GP records or NHS numbers of people ringing the non-emergency service.

They are also unable to make electronic bookings with GPs or send out ambulances for patients while the Adastra software is still offline.

GP notes, mental health records and patients' unique NHS numbers may have been stolen in the attack. 

The criminals also hacked the company's Carenotes EPR software, which holds mental health records.

Affected mental health trusts warned staff are currently facing a 'pretty desperate' situation, still unable to access vital patient records.

Advertisement

GP notes, mental health records and patients' unique NHS numbers are thought to have been affected in the attack. 

An Advanced spokesperson said: 'With respect to potentially impacted data, our investigation is under way.

'When we have more information about potential data access or exfiltration, we will update customers as appropriate.' 

Advanced's Adastra software, one of the systems that was attacked and is used by NHS 111, covers 40million patients, according to the company. 

The criminals also hacked the company's Carenotes EPR software, which holds mental health records.

Affected mental health trusts warned staff are currently facing a 'pretty desperate' situation, still unable to access vital patient records. 

One mental health trust chief executive, who preferred to stay anonymous, told the HSJ: 'It’s really difficult and the longer it goes on, the harder it gets for staff.'

Advanced said it will bring its NHS 111 and urgent care services back online 'within the next few days'.

But it could take another month before Carenotes EPR is back online.

Advanced said: 'We are working tirelessly to bring this timeline forward, and while we are hopeful to do so, we want our customers to be prepared. 

'We will continue to provide updates as we make progress.'

Carenotes EPR is used by at least nine mental health trusts, and dozens of other trusts use different software from the company that is still offline. 

Meanwhile, affected NHS 111 call handlers currently do not have access to the GP records or NHS numbers of people ringing the non-emergency service.

They are also unable to make electronic bookings with GPs or send out ambulances for patients while the Adastra software is still offline.

An Advanced spokesperson said: 'We want to stress that there is nothing to suggest that our customers are at risk of malware spread and believe that early intervention from our Incident Response Team contained this issue to a small number of servers.

'Since our Health and Care systems were isolated at the end of last week, no further issues have been detected and our security monitoring continues to confirm that the incident is contained, allowing our recovery activities to move forward.'

Ransomware attacks on companies are becoming more common as firms go digital.

The NHS attack was initially feared to be from another country.

Health chiefs told hospitals to shore up their system earlier this year amid fears of a Russian attack in retaliation to Western interference in the war in Ukraine.

There have been widespread concerns about the technological resilience of the NHS which only last year stopped using fax machines.

It was famously hacked in 2017 in the WannaCry attack, which brought the whole health service to a standstill for days and cost the UK £92million.

HOW DID THE 2017 WANNACRY CYBER ATTACK CRIPPLE THE NHS?

More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack in May 2017.

Nearly 20,000 hospital appointments were cancelled because the NHS failed to provide basic security against cyber attackers.

NHS officials claimed 47 trusts were affected – but the National Audit Office (NAO) found the impact was far greater, and in fact 81 were hit by the attack.

When the attack started on May 12, it ripped through the out-of-date defences used by the NHS.

More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack last May

More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack last May

The virus, which spread via email, locked staff out of their computers and demanded £230 to release the files on each employee account.

Hospital staff reported seeing computers go down 'one by one' as the attack took hold. 

Locked out medics had to rely on pen and paper, while crucial equipment such as MRI machines were also disabled by the attack.

The report reveals nearly 19,500 medical appointments were cancelled, including 139 potential cancer referrals. Five hospitals even had to divert ambulances away at the peak of the crisis.

Hospitals were found to have been running out-of-date computer systems, such as Windows XP and Windows 7, that had not been updated to secure them against such attacks. Computers at almost 600 GP surgeries were also victims.

NAO claimed the cyber attack could have easily been prevented. Officials were warned repeatedly about the WannaCry virus beforehand, with 'critical alerts' being sent out in March and April.

Foreign Office minister Lord Ahmad confirmed the attack was carried out by the notorious North Korean cyber espionage group Lazarus. 

Computer systems in 150 countries were caught up in the incident, which saw screens freeze with a warning they would not be unlocked unless a ransom was paid. 

The Department of Health said that from January 2018 hospitals will be subject to unannounced inspections of IT security.  

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We are no longer accepting comments on this article.