The recent cyber-attack on Advanced, one of the NHS’ major IT providers, has been confirmed as a ransomware attack. The cyber-attack has affected Adastra clinical patient management software. Advanced first spotted the hack on 4 August and today (11 August) it was confirmed as ransomware. But so far the company has not said if it is in negotiations with the hackers. The attack on Advanced follows increasing concern by industry watchdogs that ransomware victims are possibly too willing to give in to ransomware demands.
Last month the UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) released a joint letter urging the legal industry not to pay ransomware demands. The letter follows an increase in the number of ransomware payments and a growing suspicion that solicitors are advising their clients to give in to criminal demands for payment. The NCSC, which is part of GCHQ and ICO have written to the Law Society to say that they have seen evidence of a rise in ransomware payments, and that they do not encourage or condone paying ransoms. The NCSC and the ICO make clear that ransomware remains the biggest online threat to the UK and the legal sector has a vital role to play in helping reverse the trend of paying ransom demands to criminal organisations. The letter states that the response to cybercrime must be vigilance, good cyber hygiene and proper staff training.