Cyber Incident Victim: National Health Service
Date:
Aug 2022
Location:
United Kingdom
Summary
A cyberattack targeting Advanced, a provider of digital services for NHS 111, caused a significant system outage affecting healthcare services across the UK. The incident disrupted patient referrals, ambulance dispatches, out-of-hours appointment bookings, and emergency prescriptions, prompting warnings of delays and increased call volumes. Advanced isolated affected health and care environments, containing the issue to a small portion of its infrastructure. Emergency contingency plans were activated nationwide to minimize disruption, with health authorities in England, Wales, Scotland, and Northern Ireland coordinating responses. The National Crime Agency and National Cyber Security Centre collaborated with the company to investigate the incident, attributed to cybercriminals, while the organization maintained 111 and 999 service availability with heightened operational strain.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 4, 2022, a cyber-attack targeting Advanced, a provider of digital services for NHS 111, caused a significant system outage affecting healthcare services across the UK. The incident began at 7:00 AM when Advanced detected unauthorized activity, prompting immediate isolation of all health and care environments to prevent further spread. This containment limited disruption to 2% of the company’s health infrastructure but impacted critical NHS 111 functions including patient referrals, ambulance dispatch coordination, out-of-hours appointment bookings, and emergency prescription processing. The National Crime Agency confirmed its awareness of the incident and collaboration with Advanced, while the National Cyber Security Centre (NCSC) engaged directly with the company to assess impacts. Welsh Ambulance Service described the outage as "significant," "major," and "far-reaching," noting it affected all four UK nations. NHS England warned London general practitioners of potential patient influxes from disrupted 111 referral systems.
Service disruptions persisted into the weekend, with NHS Wales maximizing call capacity but anticipating delays due to increased demand. Health authorities in Scotland and Northern Ireland activated contingency plans, with Northern Ireland’s Health and Social Care system proactively disconnecting from Advanced’s services to protect other critical systems. An NHS England spokesperson confirmed minimal ongoing disruption but maintained vigilance, emphasizing 111 availability for non-emergencies alongside standard emergency protocols. Advanced’s Chief Operating Officer stated the attack appeared limited to cybercriminal activity rather than state-sponsored actors, though no specific group or motive was disclosed. No data breach or ransomware claims were reported during the initial response phase. Coordination continued between Advanced, NCSC, and health agencies across all UK nations to restore systems while managing operational impacts through existing backup procedures.