Advanced, an IT supplier to the NHS, has been hit by a ransomware attack that could take a month to recover from.
Birmingham-based Advanced provides digital services to the NHS such as patient check-in and NHS 111. The company’s Adastra software works with 85 per cent of NHS 111 services.
Advanced reported spotting a hack at 07:00 BST on 4 August, followed by a number of outages, before confirming in a statement on August 5 that the incident was linked to a cyber-attack.
Advanced described the outages as the result of “a cybersecurity incident” caused by ransomware which caused “an issue on infrastructure hosting products used by our Health & Care customers. Those products identified as being affected are Adastra, Caresys, Carenotes, Cross Care and Staff Plan.” These services are:
Adastra – clinical patient management software with records relating to 40 million patients.
Caresys – care home management software used by over 1,000 care organisations.
Carenotes – electronic patient record software used by over 40,000 clinicians.
Crosscare – a clinical management system for hospices and private practice used by 70 adult and children’s hospices across the UK.
Staffplan – care management software used by over 1,000 care organisations.
Advanced has reported in its FAQs about the incident that, based on the intelligence it had received, the “threat actor” who carried out the ransomware attack was “purely financially motivated” rather than being, for example, a state-sponsored attacker.
The ransomware attack, which Advanced says was contained to “a small number of servers”, meant that affected services had to be taken offline. Customers were, therefore, unable to access their systems and had to rely upon contingency measures. An NHS England spokesperson has reported that “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.”
Advanced has said that it is working with forensic partners including Mandiant and the Microsoft DART teams to conduct an investigation, that it is in contact with the NHS, the NCSC and other governmental entities, and that it has contacted the ICO.
Advanced reports that for NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, services would be back online in a few days, but for its other NHS customers and Care organisations it will be “necessary to maintain existing contingency plans for at least three to four more weeks”.
It is not clear from reports whether any ransom has been paid, with Advanced simply saying “our investigation is underway.” Bearing in mind the vast numbers of patient records and the sensitivity of that data, there are now serious fears about whether data has been stolen and what the consequences could be.
Health services around the world are often targets for cyber-attacks, and a Kroll study has reported that the number of health organisations (globally) targeted by cyber-attacks rose by 90 per cent in the three months to 30 June compared with the first quarter of 2022. Examples of health services being targeted include:
Health services may be targeted so often for several reasons: they rely on many different suppliers; their services are vital, so there may be a better chance of extracting a ransom; they hold a lot of potentially valuable data to steal; and they are often playing catch-up with cybersecurity.
Ransomware attacks tend to be initiated using phishing emails, so it is important that all staff are aware of the dangers of clicking on suspicious links. This story also highlights the importance of making sure that data is regularly and securely backed up (to a secure cloud-based service) and that disaster recovery and business continuity plans have procedures for ransomware attacks built into them. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked or returned.
Other precautions that businesses can take to guard against these ransomware attacks include keeping antivirus software and operating systems up to date and patched (and restarting the computer at least once per week), using a modern and secure browser, and using detection and recovery software, e.g. Microsoft 365 protection and Windows Security.