Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Record
Daily Record
National
Hannah Rodger

Cyber attacks 'crippled Scots NHS systems' with patient records stored on pieces of paper

Doctors were forced to keep patient records on pieces of paper and emails after a huge cyber attack crippled critical Scots NHS systems.

Health Secretary Humza Yousaf has been accused of suppressing details of the hack, despite fears confidential files for millions of people could have been stolen and treatment waiting times hit.

The ransomware attack, which crippled the Adastra system, blocked access to patient records for months, with some parts still not working today.

The security breach on August 4 has been described as one of the worst cyber attacks in the history of the NHS, affecting up to 5.5million patients across Scotland as well as services in England and Wales.

The National Cyber Security Centre and GCHQ are involved in the ­investigation, with speculation that Russian hackers, or more likely a gang of cyber criminals, are behind the incident.

MSPs have questioned why the Scottish Government and, in particular, Yousaf have failed to make any public statement on the attack or tell ­Holyrood of its impacts, including if any patient data was stolen.

NHS National ­Services Scotland (NSS) said there was “no indication” patient data had been compromised but, when asked to clarify, it was unable to give a definitive response.

Advanced, the firm which operates the Adastra software, was also unable to say if patient data was affected when asked last month. But the company said it was “monitoring the dark web as a belt-and-braces ­measure”, in case hackers had stolen patient information and tried to sell it online.

Adastra is patient­ ­management software which is supposed to allow access to patient care notes across all parts of the NHS, including out-of-hours GP services, A&E and NHS24.

The attack blocked access to patients’ records across ­Scotland, forcing medics to resort to keeping notes on paper or in email and Word ­documents for months.

Most of the services were back to normal by mid-October but one – Adastra remote – is still not working, which means mobile medics cannot update patient records.

NHS Scotland wards have been affected. (Daily Record)

It has also affected waiting times, with Scotland’s largest health board unable to provide data on out-of-hours waiting times between August and October. Other health boards are thought to have the same issues.

NHS Greater Glasgow and Clyde said the IT system was now “back in use, however not all aspects of the system are fully operational and there remains limited ­recording of some aspects of the
out-of-hours service”.

Paul O’Kane, Labour MSP for West Scotland, demanded that Yousaf make an urgent statement. He said: “The fact that neither the health minister nor NHS leaders have disclosed this serious cyber attack and the ­consequences simply beggars belief.

“It is shocking that systems are still not fully operational and there is a serious risk of a data breach concerning patients’ information, as well as an impact on waiting times and data.

“We need answers as to how many patients were affected, how long it will take until systems are fully restored and over the scale of the disruption to NHS business. We need transparency in order to have trust in our NHS– instead, Humza Yousaf has swept this whole episode under the carpet.”

The Scottish Government denied it covered up the attack, telling the Sunday Mail it was the responsibility of Advanced, the software owner, to provide information.

A spokeswoman said: “The incident was widely reported and all information is in the public domain. It is the responsibility of the supplier to confirm details – ­available online.

Core systems were fully restored and ongoing ­monitoring by Scottish ­Government resilience officials working closely with all ­relevant organisations is in place.”

Health Secretary Humza Yousaf has been accused of suppressing information about the attack. (PA)

NHS NSS, which provides services to all 14 NHS boards across Scotland, said boards were “working to update their electronic records as swiftly as possible” after keeping notes on paper during the attack.

Scottish ­Conservative Shadow Health Secretary Dr Sandesh Gulhane MSP said: “This appalling cyber attack caused huge inconvenience for already-overstretched frontline NHS staff and alarm to patients whose safety may have been compromised.

“As Health ­Secretary, it’s Humza Yousaf’s duty to explain to Scottish patients how this attack has impacted them, and hopefully allay their fears.

“It’s unacceptable that he’s made no public statement on this issue because people have a right to know definitively whether their personal details have been obtained by hackers.”

Asked why it had not issued any ­public statement, a spokesman said: “NHS NSS is responding on a national basis. In common with all NHS Scotland health boards, we are fully committed to transparency.”

Steven Flockhart, director of digital and security at NHS NSS, said: “NSS has worked with our fellow health boards and the supplier to successfully minimise the impact of the Adastra cyber attack.

“The rapid rollout of contingency planning ensured there was minimal impact on patients. The majority of affected services were restored within weeks. There is no indication of any patients’ details being compromised.

“We are working with colleagues across NHS Scotland to complete the final stages of restoring the few services that remain unavailable.”

Don't miss the latest news from around Scotland and beyond - Sign up to our daily newsletter here.

READ NEXT:

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.