Major MSP "Advanced" hacked: Says attack contained, as NHS customers lose services
Critical care software outages hit NHS as a result
See our updated story from June 11, 2022 here.
A cyber attack on Advanced, a British software and managed services provider (MSP) with 25,000 customers, has taken down software for healthcare customers, including the NHS’s “111” emergency hotline.
The company, confirming the attack, said it had contained the incident and the majority of its healthcare customers – the company says its software is used by more than 140 NHS trusts – were unaffected.
MSPs have a target on their backs, given the downstream client access that a successful attack on their infrastructure can deliver to cybercriminals. Advanced appears to have done well to limit the scope of the incident, although the software services affected by the attack have a large client base.
Software services taken down in the incident for affected users include Adastra, a patient management software product supporting 40 million patients, and Carenotes, which gives clinicians real-time access to patient records across adult and youth mental healthcare services and has some 40,000 clinical users.
The company told The Stack in an emailed comment that the security issue “resulted in loss of service on infrastructure hosting products used by our Health & Care customers. Following discovery of this incident, we immediately isolated all our Health and Care environments and no further issues have been detected.”
Many of the affected trusts have had to resort to pen and paper to manage patient notes and take down details on emergency healthcare calls to the 111 helpline during an already pressured time for the NHS.
Advanced added by email: “Early intervention from our Incident Response Team contained this issue to a small number of servers representing an extremely small percentage of our Health & Care infrastructure… We continue to work with the NHS and health and care bodies as well as our technology and security partners focused on recovery of all systems over the weekend and during the early part of next week.”
It did not specify the nature of the attack, but it seems likely to be a ransomware incident and, given the reference to recovery within days, Advanced appears confident that its backup strategy is a robust one.
MSPs have faced mounting attacks in recent years and regular warnings that they will continue to face heightened levels of attack, including a joint May 2022 advisory from US and UK authorities. A July 2021 attack on software provider Kaseya was among the most impactful. In that incident, cybercriminals abused a SQL injection vulnerability in the company's remote access software to hack 50+ MSPs that used its products, then piggybacked on that access to hit over 1,500 downstream customer organisations with ransomware.
A May 2022 advisory from CISA and the NCSC, meanwhile, urged MSP customers to demand eight clear things in their contracts when it comes to MSP cybersecurity, from backups to logging and from MFA to network segmentation.