When an NHS service provider was hit by ransomware earlier this month, an NHS spokesperson said the health service had “tried and tested contingency plans in place” to protect its own network.

The ransomware does not appear to have infected NHS systems. But a BBC article published Tuesday revealed the severe knock-on effect of the attack: home visits cancelled, doctors making clinical decisions without access to patient notes, and a huge backlog of paperwork.

This attack on an NHS contractor reiterates the importance of ransomware defence, supply chain vulnerabilities and operational resilience.

#RISK register to attend speaker hero

Ransomware and Supply Chain Attacks

Ransomware attacks continue to rise at an “alarming rate”, according to the 2022 Verizon Data Breach Investigations Report (DBIR), increasing 13% in 2021—more than the previous five years combined.

On 4 Aug, software company Advanced, which provides patient check-in, recordkeeping and non-emergency phone services for the NHS, found ransomware attackers had taken control of its systems. The company estimated that it would take 3-4 weeks to recover.

The company did not disclose whether any NHS patient data had been compromised or whether it was negotiating with the hackers.

The NHS reassured the public that it was working with the National Cyber Security Centre (NCSC) to protect its networks. 

But maintaining good cyber defences is only part of the battle. Supply chain attacks can cause chaos in other ways.

Service providers like Advanced are a popular target for ransomware groups as they occupy a critical position in the supply chain.

When managed service provider (MSP) Kaseya was hit by ransomware last July, 500 branches of the Swedish Coop supermarket chain were forced to close after their cash registers stopped working.

And the May 2021 Colonial Pipeline attack caused disruption to fights as airlines struggled to source fuel.

While the Advanced attack does not appear to have spread directly to NHS systems, it still had a major impact on the health service’s operations.

Impact of the Attack

Within a week of the attack, GPs were warned that they might see more patients than usual due to issues with the non-emergency phone service NHS 111, which is part-operated by Advanced

An NHS psychiatrist also told the BBC that he was unable to read patient histories and that his team were making clinical decisions “nearly blind”.

On Tuesday, nearly four weeks after the initial attack against Advanced, BBC cyber security correspondent Joe Tidy reported that NHS staff continued to take care notes with “pen and paper”.

The manager of an urgent care centre told the BBC that, with automated systems still offline, her team were unable to send notifications to GPs because they lacked sufficient staff to undertake the amount of “manual handling” required.

Overnight home visits had also been cancelled due to a backlog of manual work.

Advanced, which initially estimated it would have recovered from the attack within 3-4 weeks, told the BBC on Tuesday that it could be 12 weeks before some services recovered. 

But the impact could be even more significant on the NHS itself, with sources warning that some regions already face a six-month backlog of a “few hundred thousand” patient care notes that would need to be manually processed.

Ransomware, Supply Chains and Operational Resilience at #RISK

Given the ongoing and growing threat of ransomware Increasing dependence on complex supply chains and third-party services, taking a proactive approach to managing organisational resilience is more important than ever.

#RISK, taking place 16-17 November at ExCeL, London, will feature sessions on third-party risk management, operational resilience, and defending against ransomware.

Register for free to hear leading risk experts share their experience and knowledge about improving your organisation’s risk management and resilience.

    #RISK    - ExCel, LONDON: 16th & 17th November 2022

Europe’s Leading Risk Focused EXPO 

Risk is now everyone’s business

#RISK    is where the whole ‘risk’ community comes together to meet, debate, and learn, to break down silos and improve decision-making. Five content hubs with insightful sessions, case studies, networking, high level thought leadership presentations and panel discussions.