Medway IT systems yet to be restored after cyber scare
- 18 December 2024
- IT systems at Medway Community Healthcare have yet to be restored following suspicious activity on 2 December 2024
- Medway since confirmed that “following deep-dive research, there has been no evidence of unauthorised access to patient data”
- It is now “gradually and carefully reconnecting” some of its priority patient IT systems
The IT systems at Medway Community Healthcare have not yet been restored following a suspected cyber attack, Digital Health News has learned.
Medway announced on 2 December 2024 that an investigation was ongoing and it had disconnected its IT systems to “protect patient and staff data” after detecting “suspicious activity”.
Following the incident, Medway told Digital Health News on 17 December that all of its IT systems are yet to return to normal, but the organisation is “working methodically and carefully to restore them”.
An update published on 13 December said: “We want to thank our patients for their understanding and support as we have worked through our ongoing IT incident. Our staff have worked hard to maintain our services, and to provide care to our communities.
“We appreciate that the IT outage has resulted in delays and some disruption over the past week and want to thank everyone involved.
“Our focus has understandably been on continued safe and effective care, while NHS England oversaw a thorough and in-depth specialist investigation.
“This investigation has taken some time but we’re pleased that following deep-dive research, there has been no evidence of unauthorised access to patient data.
“As a result, we are now carefully and gradually reconnecting some of our priority patient systems, meaning that you should see things begin to return to normal.
“This will not be immediate and will not apply to all systems at present, so please bear with us as we adjust and reset.”
It adds that patients will still be required to have a paper form for blood tests.
The IT incident followed a cyber attack at Alder Hey Children’s NHS Foundation Trust on 28 November 2024, which also impacted Liverpool Heart and Chest Hospital and Royal Liverpool University Hospital.
A major incident “for cyber security reasons” was also declared at Wirral University Teaching Hospital NHS Foundation Trust on 25 November 2024.
In an update published on its website on 4 December, the trust said that the incident had been stepped down to a business continuity incident and it was in the process of reinstating its main clinical system following the cyber security incident.
Richard Horne, the new head of the National Cyber Security Centre (NCSC) called for the need for sustained vigilance earlier this month.
In a speech on 3 December 2024, Horne highlighted the impact of cyber attacks, referencing the ransomware attack on pathology provider Synnovis in June 2024.
“In the past year, we have seen crippling attacks against institutions that have brought home the true price tag of cyber incidents.
“The attack against Synnovis showed us how dependent we are on technology for accessing our health services,” Horne said.