Cyberattack Impacts Two Ambulance Services

Hackers may have once again endangered people’s lives, after a cyberattack on a software supplier impacted two ambulance services in the UK.

The Daily Mail reported that two ambulance trusts in south England, namely South Central Ambulance Service (SCAS) and South Western Ambulance Service (SWASFT), were left unable to access electronic patient records after a cyber attack hit a supplier.

SCAS services cover Berkshire, Buckinghamshire, Hampshire and Oxfordshire, whereas SWAS covers Bristol, Cornwall, Devon, Dorset, Gloucestershire, Somerset, the Isles of Scilly and Wiltshire.

Supplier cyberattack

“We are aware of an incident affecting a small number of ambulance services,” an NHS spokesperson told the Daily Mail.

“Our Cyber Security Operations Centre is working with affected organisations to investigate, alongside law enforcement colleagues, and supporting suppliers as they work to reconnect the system,” the spokesperson added.

The BBC meanwhile cited the Health Service Journal’s ambulance correspondent Alison Moore, as saying that the services lost access to its electronic patient records on 18 July, after the Swedish firm Ortivus was attacked.

This meant that ambulances were turning up to call outs without their usual levels of medical history, such as allergies, significant health incidents and medications.

The attack was confirmed by Ortivus itself in a statement.

“On the evening of 18 July Ortivus’ systems were subject to a cyber-attack affecting UK customer systems within our hosted data centre environment,” said Ortivus.

“The electronic patient records are currently unavailable and are until further notice handled using manual systems,” said Ortivus. “No patients have been directly affected. No other systems have been attacked and no customers outside of those in the hosted data centre have been affected.”

Ortivus said it is currently working in close collaboration with the affected customers to restore the systems and recover data. The affected customers apparently use MobiMed ePR – an electronic patient record system in a hosted environment.

Ortivus said it not know the identity of those behind the cyberattack and “the incident has been reported to the authorities as a crime.”

Life threatening

Jake Moore, global cybersecurity advisor for ESET noted the potential for attacks such as these to become life threatening.

“This attack not only puts patient data at risk but also poses a life-threatening situation when disrupting patient care,” said Moore. “Ensuring the utmost security for the healthcare sector is crucial as the consequences of such attacks can be disastrous in multiple ways.”

“It requires significant time, resources and effort to safeguard against these threats but unfortunately funding this level of protection is easier said than done,” said Moore.

There have been numerous attacks on healthcare services in recent years, with a number of notable cases involving hospitals during the Covid-19 pandemic.

Then in May 2021 the health service in Ireland suffered a ‘significant ransomware attack’ and was forced to shut down their IT systems.

So bad was the attack that the Republic’s Health Service Executive (HSE) said it had shut down its IT network as a ‘precaution’.

And attacks on healthcare providers sometimes has fatal consequences.

In September 2020 for example, a cyberattack on a major hospital in Duesseldorf, Germany, resulted in the death of a female patient.

The cyberattack caused a failure of IT systems at Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment.