Advertisement

NHS cyber attack could leave staff without patient records ‘for three weeks’

NHS - Kirsty O'Connor/PA Wire
NHS - Kirsty O'Connor/PA Wire

A cyber attack on NHS medical records could mean that medics are unable to access patients’ notes for three weeks, health chiefs have warned.

The software system which supports NHS 111 and electronic records was shut down last week after it was attacked by hackers.

The breach has left thousands of hospital staff unable to access patients’ notes and histories, increasing the risks of misdiagnosis and deadly medication errors.

Meanwhile, NHS 111 staff are being forced to resort to pen and paper as they attempt to prioritise calls, without use of the system which normally helps them to dispatch ambulances and book urgent out-of-hours appointments.

The company which operates the systems was unable to say when the outage will end, with hospital staff being told to prepare for at least three weeks of disruption.

The attack, which is believed to have been carried out by a criminal gang rather than a hostile state, took place last week, heaping pressure on NHS staff.

‘Public should use NHS as normal’

Health officials have said those calling 111 may face longer waits than usual, but have said that the public should continue to use the NHS as normal, which means calling 999 for emergencies.

In an email to staff, Nick Broughton, the chief executive of the Oxford Health NHS foundation trust, said it had been advised to prepare for “a system outage that could continue… possibly longer than three weeks” for the electronic records system.

The email, seen by the Health Service Journal, said that the system used by NHS 111 may not be restored for two weeks.

It is understood that there is no evidence so far that patient data has been compromised by the breach. This affects Advanced, the company which supplies software to swathes of the health service.

However, NHS staff have warned that medics have been left in a “very dangerous” situation as they are forced to take decisions without access to patients’ medical histories.

Care homes affected by cyber attack

Advanced’s Adastra system allows call handlers to send out ambulances, as well as booking out-of-hours emergency prescriptions for patients and urgent appointments.

More than 1,000 care homes using the company’s Caresys software have also been affected, alongside NHS trusts.

An NHS spokesman said: “While Advanced work to resolve their software problems, tried and tested contingency plans are in place across local health systems so the public should continue to use the NHS as normal.”

Last month, the head of the National Cyber Security Centre and the Information Commissioner warned businesses that they risked “incentivising” attacks from cyber crime gangs by meeting ransom demands.

‘Staff working on paper’

Last week, a letter from NHS regional officials warned that the outage had left NHS 111 staff “working on paper” and was “negatively affecting” response times.

On Aug 5, the Welsh Ambulance Service said that the “major outage” had impacted all four nations, warning that it could take longer for 111 calls to be answered over the weekend.

The letter sent to GPs, seen by the health news publication Pulse, said that call handlers have been left unable to book patients directly for appointments with family doctors, adding they were asked to “manage calls where possible”.

Direct booking for call handlers into other services was shut down and staff have been told to try and make them via the phone or emails instead.