A software outage affecting some NHS services across the UK was caused by a cyber-attack, it has been confirmed. Advanced, a firm that provides digital services for NHS 111, said the attack occurred at 07:00 BST on Thursday. The attack affected the phone service and electronic referrals to out-of-hours GPs, but the NHS said the disruption was minimal.
The National Crime Agency said it was “aware of a cyber incident” and was working with Advanced. “A security issue was identified yesterday, which resulted in the loss of service,” said Advanced boss Simon Short. “We can confirm that the incident is related to a cyber-attack and as a precaution, we immediately isolated all our health and care environments. “Early intervention from our Incident Response Team contained this issue to a small number of servers representing 2% of our Health & Care infrastructure.”
Family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 due to the “significant technical issue”, industry Magazine Pulse. It said a letter to GPs in the capital stated the problem was affecting the electronic referral process for patients. On Friday, the Welsh Ambulance Service said: “There is a major outage of a computer system that is used to refer patients from NHS 111 Wales to out-of-hours GP providers.
“The ongoing outage is significant and has been far-reaching, impacting each of the four nations in the UK.” An NHS England spokesperson said there was currently minimal disruption and it was monitoring the situation. “NHS 111 services are still available for patients who are unwell, but as ever if it is an emergency please call 999,” they said. “There is currently minimal disruption and the NHS will continue to monitor the situation as it works with Advanced to resolve their software system as quickly as possible – tried and tested contingency plans are in place for local areas who use this service.”
A Scottish Government spokesperson said it was aware of the reported disruption to one of NHS Scotland’s IT suppliers’ systems and is “working with all health boards collaboratively on a four nations basis with the National Cyber Security Centre and the supplier to fully understand the potential impact”. It said “continuity plans” are in place. A spokesperson for Northern Ireland’s Department of Health said they are working to keep disruption to a minimum. “As a precaution, to avoid risk to other critical systems and services, access to the company’s services from the HSC (Health and Social Care system) has been disabled, while the incident is contained,” they said.
