Advanced issues status updates on products affected by cyber-attack

Advanced has issued a status update on each of their products affected by the cyber-attack, including its Adastra software which works with 85% of NHS 111 services.

The ransomware attack, which caused a major outage on 4 August of multiple health and care systems provided by Advanced, caused disruption for many customer groups, including those who use the NHS 111 service.

In the most recent update on the webpage on 19 August, Advanced have confirmed for NHS 111 customers using Adastra that they have now completed their internal security assurance activity and will be sharing evidence with NHS and NCSC [National Cyber Security]  for review.

The recovery update also says: “Once the evidence provides a high confidence level this will be communicated through via the NHS England and EPRR incident management team and customers will be able to reconnect in line with the process set out by NHS England.”

Advanced will be moving forward with the phased process of bringing these organisations back online today (22 August), with the order in which providers reconnect to Adastra being set by the NHS England EPRR incident management team.

Other Advanced products affected by the cyber-attack include Staffplan, Carenotes, Caresys and Crosscare. For Staffplan customers, Advanced confirmed that they have been able to make data extracts available to assist organisations in their day-to-day operations.

Most Carenotes customers now have access to their log shipping data and for those who do not, Advanced are continuing to contact them on a one-to-one basis to discuss data requirements.

For Caresys and Crosscare customers, they are still working through their technical assessment to determine the next steps towards recovery.

Advanced said on their webpage last Friday: “While our recovery work progresses, we thank customers for continuing to implement their contingency measures.

“We will provide regular, service-specific updates on our website portal as our efforts progress and hope to be in a position to provide more concrete news on timelines by the end of next week.”

On 11 August Digital Health News reported that Advanced were in the early stages of a forensic investigation into the ransomware incident which is aiming to find out the root cause and whether sensitive patient data has been accessed.

The latest update is that this is progressing in line with the timeline and plan and Advanced are now building a much clearer picture of the incident’s root cause. They will soon be in a position to confirm and share indicators of compromise (IOCs) with customers on request.

The third-party experts, including Mandiant and Microsoft DART, are also well advanced in their investigation into any potential data impact as a result of the incident. Advanced say they will update customers as appropriate and comply with any applicable notification obligations.

Advanced rounded off the latest security incident update by saying: “We recognise that this has been a challenging time for our customers and we appreciate your patience and understanding as we work to recover from this attack.

“We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.”