Advanced begins forensic investigation into ransomware attack

  • 11 August 2022
Advanced begins forensic investigation into ransomware attack

Advanced are in the early stages of a forensic investigation into its recent ransomware attack which aims to find out the root cause and whether sensitive patient data has been accessed.

On 4 August, Advanced experienced disruption to its systems that have since determined to be the result of a cybersecurity incident caused by ransomware. The affected products, either directly or indirectly, are Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan and eFinancials. According to data from Digital Health Intelligence, Advanced provides various systems across 36 acute and mental health trusts in England.

The ransomware attack was conducted by a threat actor that Advanced believe, based on threat intelligence provided to them from the authorities and their expert advisors to date, is purely financially motivated.

It is not yet known whether sensitive data is at risk as a result of the incident, with the forensic investigation underway to discover more information about potential data access or exfiltration.

Simon Short, chief operating officer at Advanced, said: “We are continuing to make progress in our response to this incident. We are doing this by following a rigorous phased approach, in consultation with our customers and relevant authorities.

“We thank all our stakeholders for their patience and understanding as our team works around the clock to resume service as safely and securely as possible.”

Advanced has engaged with third-party forensic partners including Mandiant and the Microsoft DART teams to conduct an investigation and ensure that their systems are brought back online securely with enhanced protections.

In terms of remediation and recovery, Advanced are rebuilding and restoring systems in a separate and secure environment. They have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online.

The company is also working with the NHS and the NCSC to validate the additional steps taken, at which point the NHS will begin to bring its services back online.

In the most recent update on the webpage on 10 August, Advanced say that for NHS 111 and other urgent care customers, they anticipate this phased process to begin within the next few days.

For other NHS customers, their current view is that it will be necessary to maintain existing contingency plans for at least three to four more weeks but are working tirelessly to bring this timeline forward.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Miya Emergency live across three Hampshire Hospitals A&E units

Miya Emergency live across three Hampshire Hospitals A&E units

Emergency departments in three hospitals across Hampshire Hospitals NHS Foundation Trust have deployed Alcidion’s Miya Emergency system.
NHSE publishes contract for ‘tiger teams’ to support EPR delivery

NHSE publishes contract for ‘tiger teams’ to support EPR delivery

NHS England has published a contract notice worth £13.3 million for a "tiger teams service” to support EPR delivery across England.
ULTH selects Nervecentre as preferred EPR supplier

ULTH selects Nervecentre as preferred EPR supplier

United Lincolnshire Teaching Hospitals NHS Trust (ULTH) has selected Nervecentre as its preferred electronic patient record (EPR) supplier.