NHS Ambulance trusts unable to access patient records following cyberattack

NHS Ambulance trusts unable to access patient records following cyberattack

Image:
NHS Ambulance trusts unable to access patient records following cyberattack

Attack on Ortivus's data centre last week has left two trusts in the south of England resorting to paper-based records

Two NHS ambulance services have been unable to access electronic patient records for over a week following a cyberattack on Swedish health tech company Ortivus.

South Western Ambulance Service Foundation Trust (SWASFT) and South Central Ambulance Service Trust (SCAS), which together serve around 12 million people across England, have reportedly had to resort to paper-based systems since last Tuesday.

SWASFT serves Bristol, Cornwall, Devon, Dorset, Gloucestershire, Somerset, Wiltshire and the Isles of Scilly. SCAS covers Oxfordshire, Buckinghamshire, Berkshire and Hampshire, with non-emergency coverage in Sussex and Surrey.

Ortivus's MobiMed software, used by the two trusts across more than 1,700 ambulances and clinical workstations, went offline after the company's UK data centre was targeted.

One ambulance service employee, told HSJ that staff have been struggling with the paper-based workaround, which provides less patient information than the digital system. "We can't do summary care record searches or see previous call information," the staff member said.

In a statement, Ortivus said UK customers using MobiMed ePR electronic patient record systems within its hosted environment were affected, but that no patient data was compromised.

No information about the nature of the attack or the attackers has been released.

In an online post dated 21st July, Ortivis said it was ready to reactivate the system but was waiting for final approval by NHS authorities before the ambulance trusts can reconnect.

Meanwhile, paramedics can use MobiMed ePR locally on their computers, but they will not be able to import or export patient data until the system is back online.

MobiMed is used for patient monitoring and record keeping during prehospital care. The two trusts moved to Ortivus' hosted MobiMed platform in 2020 as pat of a modernisation of their electronic patient record systems.

Healthcare systems are particularly vulnerable to cyber threats as facilities thanks to their complexity, connectivity, the valuable personal data they hold, and the drastic impact of any prolonged outage, which criminals believe makes them susceptible to ransom demands.

A recent report by security vendor SonicWall found that encrypted threats on healthcare are up 94% year-on-year.

Spencer Starkey, VP of EMEA at SonicWall commented: "Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.

"The ramifications of an attack on the healthcare sector can be disastrous and it's important to place the utmost amount of time, money and efforts on securing them."