Minister reveals that fallout continues to affect platforms and data

Credit: Darwin Laganzon/Pixabay

Six months on from a major cyberattack on a key software supplier, some NHS organisations are still yet to reconnect to impacted systems, a minister has revealed.

On 4 August, a ransomware attack targeted at Advanced affected the a number of the vendor’s products, including the Adastra patient-management platform used to support the urgent-care treatment of up to 40 million people in the UK, and the Carenotes electronic patient records system used by 40,000 doctors.

In the half-year that has elapsed since the incident, government and the NHS has “have worked closely with Advanced to restore services”, according to health and secondary care minister Will Quince. But some health-service bodies are still suffering the fallout, he indicated.

“The majority of NHS services have now been reconnected and we are supporting the few NHS organisations still undergoing reconnecting,” Quince said. “All but one of the affected mental health providers have now been reconnected and are in the restoration phase.”

Related content

• NHS Digital cites transformation ‘turning point’ after £750m investment in FY22
• NHS to build £3m digital platform to manage national volunteer force
• Mental health: NHS looks to digital and data to close ‘historic treatment gap’

The minister – who was answering a written parliamentary question from Labour’s shadow mental-health minister Dr Rosena Allin-Khan – said that the cyber assault has affected the process of gathering the statistics that comprise the NHS’s national Mental Health Services Data Set (MHSDS).

“The MHSDS monthly publication has been reclassified as experimental statistics to reflect this,” he said. “Caveats are included on the publication page to warn users when interpreting the data. The NHS Digital data liaison service and data quality teams are in regular communication with providers and continue to monitor the impact on submissions and reporting.”

As well as patient records and care-management platforms, other Advanced products impacted by the incident included: the Odyssey product for supporting clinical decision-making; Staffplan, a service for managing staff rotas, as well as recruitment and payroll; the public sector-focused eFinancials system; the Caresys care home-management tool; and Crosscare, a clinical-management program for the private care providers and hospices.

In the most recent update to an FAQ document posted on a page on its website dedicated to the attack, Advanced said: “In the time since the attack, we have progressed our recovery and restoration efforts with respect to affected systems. We have been working with the NHS and the NCSC (National Cyber Security Centre) to validate the additional security measures we have put in place.”