top of page

NHS employees warned to expect three weeks of disruption as a result of a cyberattack

Health officials have issued a warning that a hack on Advanced, a British software and managed services provider with 25,000 customers, has severely disrupted NHS IT systems and may prevent doctors from accessing patients' records for up to three weeks.

Following the cyber attack on the software system used by several NHS trusts, it had to be shut down last week. The intrusion has prevented thousands of hospital employees from accessing patient records and notes, potentially leading to fatal medication errors and misdiagnoses.

Advanced, whose software is used by more than 140 NHS trusts, discovered the security flaw on Thursday, August 4. It has affected its Adastra and Carenotes systems.

Adastra is used to refer patients for care, as well as to dispatch ambulances, schedule after-hours appointments, and issue emergency prescriptions. Adastra is used by up to 85% of NHS 111 providers and several out-of-hours services.

Carenotes provides clinicians with instant access to patient records for both adult and paediatric mental health services.

Simon Short, chief operating officer at Advanced, confirmed the outage was the result of a cyberattack, but he was unable to predict when it would end. Staff at hospitals are now being advised to plan for at least three weeks of disruption.

Health officials have warned that 111 callers may face longer wait times than usual, but they advise the public to continue using the NHS as usual, including dialling 999 in an emergency.

The Oxford Health NHS Foundation Trust has informed employees that it is implementing emergency procedures to address issues that have arisen as a result of the outage.

In an email to staff, CEO Nick Broughton stated that the hack targeted both the Trust's financial system and the system used to refer patients for treatment.

"We have now been advised that we should prepare for a system outage that could continue for two weeks for Adastra and possibly longer than three weeks for Carenotes," he said.

The note also stated that steps are being taken to manage the massive amount of work and effort required to recover from this incident.

The Trust claimed that employees had skipped holidays and annual leave and worked through the night to find solutions.

"The whole thing is down. It's really alarming… we're carrying a lot of risk as a result of it because you can't get records and details of assessments, prescribing, key observations, medical mental health act observations," an NHS director said.

"You can't see any of it. Staff are going to have to write everything down and input it later."

The director added they are finding it difficult "to discharge people, for example to housing providers, because we can't access records."

The announcement comes after Guy's and St Thomas' NHS Foundation Trust in London experienced a significant IT failure last month, forcing the trust to reschedule patient appointments for several days.

Because of the "critical site incident," some operations were cancelled and seriously ill patients were re-routed to other hospitals in the city.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page