In the immediate aftermath of a high-profile cyberattack, there are headlines and a huge amount of interest in the nature of the breach and its impact on victims. However, after this initial interest, there is generally little information about the long-lasting result of the attack. It is clear that things do not go back to normal quickly, and for public service organisations, this can have huge consequences.

In August 2022, Advanced, a leading IT supplier to the NHS was the victim of a ransomware attack, leading to a huge disruption across the health service. Priority was placed on recovering the Adastra system which is used by NHS111, the national emergency telephone support service. However, it seems that a similar priority was not placed on the EPRs used by mental health trusts across the country.
So, after over two months of no access to key systems NHS mental health trusts are having to turn to stop-gap solutions or having to find entirely new EPR systems. The result on finances and frontline services have been severe and should act as a warning to both other public and private sector organisations as AJ Thompson, CCO at Northdoor plc told Think Digital Partners.
“We all see the immediate impact of a large cyberattack. There are headlines with victims explaining how the breach has affected them. However, after this initial interest, there is very little information about the ongoing consequences, even after the attack has been dealt with, he said.
“The Advanced hack was high-profile and caused real problems throughout the NHS. The effect on public sector organisations is particularly acute because of the nature of the data they hold.
“Recovering data from a ransomware attack is difficult in any business, but NHS Trusts have a particular issue when prioritising which data to recover first. It seems that after the Advanced attack some NHS mental health trusts continue to suffer. Unable to access EPRs and patient records has had a major impact on the ability of Trusts to offer day-to-day frontline services to vulnerable patients.”
If you liked this content…
Thompson said it is clear that such critical information as medication details for individuals or whether they are a potential danger to themselves or others have to be accessible at all times.
“The chaos and legacy that a ransomware attack has on an organisation are clearly shown in the Advanced case. Trusts have had to turn to stop-gap solutions or even simply bring in entirely new software. This further impacts frontline services and places a real strain on already struggling budgets,” he continued.
“Public sector organisations are increasingly under threat from cyber criminals and their sophisticated attacks. It is not so much ‘if’ an organisation will be attacked but ‘when’. Therefore, building up cyber resilience is absolutely critical to allow organisations to recover critical data quickly and allow frontline services to continue unimpacted whilst the attack is dealt with.
“Cyber resilience helps organisations once they have been breached. Unlike disaster recovery which continually takes huge amounts of data to back-up systems, cyber resilience identifies the critical data and holds it in offline silos. This ensures that data is completely isolated, and out of the reach of cybercriminals. It can then be recovered quickly in the event of an attack allowing organisations to continue to offer effective frontline services. Disaster recovery on the other hand sends the huge amount of data it collects to other datacentres, which in the event of an attack could be at risk of being breached too.
“If the NHS mental health trusts had implemented cyber resilience EPRs would have been safe in silos, easily recoverable, saving time and importantly budget and ensuring crucial services could be delivered,” he said.