Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

NHS 111: Cyber-attack causes major IT systems outage

Affected IT system, Adastra, is used by 85 per cent of the service’s providers

Rebecca Thomas
Health Correspondent
,Andy Gregory
Friday 05 August 2022 23:54 BST
Comments
The NHS uses software which does not receive updates any more
The NHS uses software which does not receive updates any more (PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

People seeking medical help via the NHS 111 call line have been warned of delays after a cyberattack caused a “major” computer system outage, which may not be resolved until next week.

The “security issue” was first identified early on Thursday and is affecting an IT system called Adastra, which is used to refer patients for care – including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions.

The system is used by 85 per cent of NHS 111 providers and several out-of-hours services, and the outage was described by the Welsh Ambulance Service as “major”, “far reaching” and affecting all four nations of the UK.

Neither NHS England nor Advance, which runs the Adastra system, would initially confirm reports that a cyberattack was to blame.

But on Friday, Advance’s chief operating officer Simon Short confirmed the incident was related to a cyberattack and said the company had taken action which contained the attack, adding that “no further issues have been detected”.

“Early intervention from our incident response team contained this issue to a small number of servers representing 2 per cent of our health and care infrastructure,” Mr Short said. The protection of services and data is paramount in the actions we have and are taking.

“We continue to work with the NHS and health and care bodies as well as our technology and security partners, focused on recovery of all systems over the weekend and during the early part of next week. In the meantime those NHS impacted services will continue to operate [using contingency].”

GPs in London were warned they may see a rush of patients sent by NHS 111 due to a “significant technical issue” and “system outage”.

Pulse magazine was told the issue had left NHS 111 unable to book patients into GP appointment slots.

An NHS England spokeswoman said NHS 111 services are still available and that there is “currently minimal disruption”, adding that “tried and tested contingency plans are in place for local areas who use this service”.

In Wales, the ambulance service said its partners across the country have “developed and deployed plans so services can continue to operate”, but warned the weekend will be a busier time than usual for NHS 111 Wales.

While capacity to answer calls is being “maximised” by the ambulance service and local health boards, “it may take longer for calls to be answered and we thank the public for their patience”, the service said.

A Scottish Government spokesperson said it was aware of reported disruption to one of NHS Scotland’s IT suppliers’ systems and “continuity plans” are in place.

Holyrood is “working with all health boards collaboratively on a four nations basis with the National Cyber Security Centre and the supplier to fully understand potential impact”, they said.

Northern Ireland’s Department of Health said it was working to keep disruption to a minimum.

“As a precaution, to avoid risk to other critical systems and services, access to the company’s services from the HSC (Health and Social Care system) has been disabled, while the incident is contained,” a spokesperson said. “Business contingency measures have been instigated for the affected HSC organisations and areas.”

The news follows a major IT crash at Guy’s and St Thomas’ Hospital Foundation Trust in London that left clinicians without access to patients’ records and forced the trust to cancel patients’ appointments for days.

That outage was trigged by the heatwave on 19 July. In an apology to patients last week, the trust said: “Regrettably we have had to postpone a number of procedures and appointments, something we never want to do.

“As our management systems return we will be in a position to assess the full impact of the situation, and contact patients and begin to rearrange their care as quickly as possible. We know this will be a complex task and will take both time and dedication.”

An NHS spokesperson said: “NHS 111 services are still available for patients who are unwell, but as ever if it is an emergency please call 999.

“There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible – tried and tested contingency plans are in place for local areas who use this service.”

Additional reporting by PA

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in