Advanced ransomware attack – “The attack is contained and not spreading”

We ask Advanced how it can assure legal customers that there is no risk that they are impacted by the recent cyber-attack.

Advanced says that a cyber-attack that has impacted its health & care customers is “contained and not spreading” as it battles to bring affected systems back online. 

The UK software company, which acquired Tikit in 2020, experienced ‘disruption’ to its systems on 4 August, which it determined to be a ransomware attack. The customer groups impacted either directly or indirectly are Adastra (for 111 call handlers and GP records), Caresys (used in care homes), Odyssey (to assist clinical decision making), Carenotes (for mental health trust patient records), Staffplan (used by care organisations) and eFinancials (a public sector financial management system.) 

The first five systems are directly affected. However, Advanced says that customers of eFinancials have lost connection to their systems due to its precautionary taking down of the HSCN network. 

Legal IT Insider asked Advanced how it is sure that its legal customers are not affected by the cyber attack. We received a statement saying: “We want to stress that there is nothing to suggest that our customers are at risk of malware spread and believe that early intervention from our Incident Response Team contained this issue to a small number of servers.”

They told us: “As soon as we learned of the incident, we immediately took action to mitigate any further risk, and isolated all of our Health and Care environments, where the incident was detected. Since these systems were isolated, no further issues have been detected and our security monitoring continues to confirm that the incident is contained.

“We moved swiftly to engage leading third-party forensic partners, including Mandiant and the Microsoft DART teams, to conduct an investigation and ensure that our systems are brought back online securely with enhanced protections. We remain in contact with the NHS, NCSC, and other governmental entities and are providing them with regular status updates. We have also been in contact with the ICO and will continue to be responsive to any questions they may have.”

Advanced has issued a statement to customers saying that the issue was confined to a small number of servers representing 2% of its Health & Care infrastructure, limiting the impact.

Simon Short, chief operating officer at Advanced said: “We are continuing to make progress in our response to this incident. We are doing this by following a rigorous phased approach, in consultation with our customers and relevant authorities. We thank all our stakeholders for their patience and understanding as our team works around the clock to resume service as safely and securely as possible. For the latest update on our response, please go for more information.”  

A full summary of the incident and FAQ is available here –