Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom's National Health Service (NHS).

Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said.

Full service recovery may take a month

The ransomware attack started to disrupt Advanced systems on Thursday, August 4 and was identified around 7 AM. It caused a major outage to NHS emergency services across the U.K.

Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected.

The company is working with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the affected systems back online securely and with added defenses:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
  • Scanning all impacted systems and ensuring they are fully patched
  • Resetting credentials
  • Deploying additional endpoint detection and response agents
  • Conducting 24/7 monitoring

After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.

“For NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, we anticipate this phased process to begin within the next few days” - Advanced

For customers of other Advanced solutions, reconnecting to the environments is expected to take at least three to four weeks.

The company’s software solutions are used by at least several hundred customers in both the public and private sectors.

In an update, Advanced said that customer groups from the following products have been impacted:

  1. Adastra - Clinical Patient Management Software
  2. Caresys - Care Home Management Software
  3. Odyssey - Clinical Decision Support
  4. Carenotes - Electronic Patient Record Software
  5. Crosscare - Private Clinical Management
  6. Staffplan - Care Management Software
  7. eFinancials: Public Sector Financial Management

An investigation is ongoing, still in an early stage. Advanced has yet to determine how the hackers gained access to the network and if data was stolen.

The company promised to share with its customers the indicators of compromise (IoCs) from this attack when the information becomes available.

Related Articles:

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

What the Latest Ransomware Attacks Teach About Defending Networks

US govt probes if ransomware gang stole Change Healthcare data

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

The Week in Ransomware - March 1st 2024 - Healthcare under siege