Last summer’s large-scale ransomware attack on the NHS continues to affect several critical health services as experts fear the data of millions of patients may have been compromised.
The security breach took place on August 4 but its severity has only recently become known, with many describing it as one of the worst attacks in the history of the NHS.
Hackers used ransomware software LockBit 3.0 to attack Advanced, the company behind the Adastra patient management software used by the NHS, and force vital systems offline.
The outage affected over 5.5 million patients across Scotland, England and Wales, forcing doctors and medical staff to keep patient files on pieces of paper and email for months as systems remained offline until mid-October.
Speaking to the Sunday Mail, Conservative Shadow Health Secretary Dr Sandesh Gulhane MSP said “this appalling cyber attack caused huge inconvenience for already-overstretched frontline NHS staff and alarm to patients whose safety may have been compromised.
The Government Communications Headquarters (GCHQ) and National Cyber Security Centre continue to investigate the incident. However, it is still unclear who was behind the attack and whether they gained access to patient files and confidential notes saved on the Adastra platform.
Patient data: safe or stolen?
One of the greatest concerns in the immediate aftermath of the NHS 111 attack was the possibility of patient data being stolen by perpetrators, but government officials have so far failed to confirm or deny if the data was breached by the hackers.
This lack of transparency has led some political figures to question if officials, in particular, Health Secretary Humza Yousaf may be suppressing crucial information related to the attack.
Speaking to the Sunday Mail, Dr Sandesh Gulhane MSP said “as Health Secretary, it’s Humza Yousaf’s duty to explain to Scottish patients how this attack has impacted them, and hopefully allay their fears.
“It’s unacceptable that he’s made no public statement on this issue because people have a right to know definitively whether their personal details have been obtained by hackers.”
The Scottish Government denied it covered up the attack, saying it was the responsibility of Advanced, the software owner, to provide information, according to the Sunday Mail.
But, like the Scottish Government, Advanced has not yet confirmed whether patient data was stolen.
In its most recent update on the attack, Advanced revealed that “during the initial login session the attacker moved laterally in Advanced’s health and care environment and escalated privileges, enabling them to conduct reconnaissance and deploy encryption malware.”
Advanced added that the attacker stole a “limited” amount of data before encrypting the system but did not offer further details.
The company did, however, say that it was “monitoring the Dark Web as a belt-and-braces measure” in case hackers had stolen data and tried to sell it online.
To read more about data security, visit our dedicated Business Continuity Page
A slow recovery
Almost four months have passed since the ransomware attack on Advanced, but several key Adastra systems and services remain offline or partially operational as of November 28 2022.
NHS Greater Glasgow and Clyde said that “the Adastra system is now back in use, however, not all aspects of the system are fully operational and there remains limited recording of some aspects of the out-of-hours service.”
Adastra Remote, however, remains completely offline, meaning that mobile medics still cannot access or update their patients' records.
The attack also continues to affect waiting times, with Scotland’s largest health board unable to provide data on out-of-hours waiting times between August and October.
“We are working with colleagues across NHS Scotland to complete the final stages of restoring the few services that remain unavailable, Steven Flockhart, director of digital and security at NHS NSS told the Scottish Sun.