GPs working in urgent care are having to share patient records on Word documents as the fallout from last week’s cyber attack is still ongoing.
System host Advanced, which was targeted in the ‘financially motivated’ attack, has said it will be able to phase services back online within the ‘next few days’.
An update sent to Liverpool GP practices, seen by Pulse, said appointment information will be sent in a ‘Microsoft Word document via secure email to your practice nhs.net email account’.
The update recognised the situation is ‘not ideal’, but said it is more of a risk for GP practices not to see patient information from out-of-hours interactions.
It said: ‘We have agreed that clinical consultation information will be sent in the form of a Microsoft Word document via secure email to your practice nhs.net email account.
‘This will allow practices to review key patient information and choose how to record that information in practice systems.’
It added: ‘Whilst this is not ideal, it is considered a lower risk to patient care than practices being unsighted on out-of-hours interactions.’
The update said that ‘North West 111 services are not affected directly by this issue’ but that ‘Merseyside GP out-of-hours service provided by Primary Care 24 (PC24) has been affected along with many across the country’.
While PC24 has been ‘operating effectively under business continuity measures’, it has ‘recently raised with us a concern that clinical interactions with the service are not being communicated to practices whilst systems are down’, the update said.
It added: ‘They have been able to record consultations and activity electronically, offering the ability to share this information via secure email.’
‘All practices [must] ensure that their nhs.net email account is checked on a regular basis for receipt of the records,’ the update said, and practices will be informed as soon as there is ‘clinical system recovery allowing resumption of normal record transfer’.
Meanwhile, the 111 system host said normal service is due to be phased in in the ‘next few days’.
NHS 111 system host Advanced’s latest FAQs said: ‘With respect to the NHS, we are working with them and the National Cyber Security Centre to validate the additional steps we have taken, at which point the NHS will begin to bring its services back online.
‘For NHS 111 and other urgent care customers, we anticipate this phased process to begin within the next few days.
‘For other NHS customers, our current view is that it will be necessary to maintain existing contingency plans for at least three to four more weeks.’
It confirmed that the cyber incident was a ransomware attack and said it believes this to be ‘purely financially motivated’.
Advanced said: ‘This was a ransomware attack conducted by a threat actor that we believe, based on threat intelligence provided to us from the authorities and our expert advisors to date, is purely financially motivated.’
The company could not confirm that patient data is not at risk, though it said ‘we have found no evidence that any personal data has been compromised’.
It said: ‘With respect to potentially impacted data, our investigation is underway, and when we have more information about potential data access or exfiltration, we will update customers as appropriate. Additionally, we will comply with applicable notification obligations.’
Urgent Health UK said: ‘Most of our members are facing difficulties but have used their business continuity systems to ensure that they are able to continue providing urgent care and other services to their patient populations.
‘One of the consequences is that GP practices are no longer getting reports of contacts the following morning. To address it organisations are working to send the reports by email.’
It added that it is ‘very frustrating that this vulnerability has been exposed at this time, especially when it was signposted only recently’.
Urgent Health UK also called for ‘national and local messaging to local populations’ so ‘people can understand what is happening and take extra care to use services appropriately’.
First revealed by Pulse, the 111 outage meant GPs in London were warned they could see an influx of patients signposted from the service.