Some ambulance services within the UK’s National Health Service (NHS) are facing challenges in recording medical data from patients following a cyber attack on the Ortivus medical software development company.
The cyber attack, which occurred on July 18, targeted customer systems in the UK that were stored in the cloud. Ortivus, which is based in Sweden, provides ambulance services South Western and South Central with the Mobimed software through a 2020 agreement.
As a result of the attack, the ambulance staff at South Central have been forced to manually record patient information and have been warned about the possibility of phishing attacks. Efforts are currently underway to address vulnerabilities in the server infrastructure, which is believed to be running on the Microsoft Windows Server operating system.
Ortivus has stated that electronic medical cards are currently inaccessible due to the cyber attack, but assures that patients have not been harmed. The incident did not affect other systems or customers outside of the cloud data storage.
Mobimed EPR, the software provided by Ortivus, is specifically designed for monitoring and maintaining patient records in pre-hospital care settings, as well as facilitating the exchange of vital parameters with other medical institutions.
On July 21, Ortivus announced that it is ready to relaunch the Mobimed EPR for customers using the cloud environment, pending final approval from NHS authorities.
However, Ortivus CEO Reader Gordbek could not provide a timeline for when a third-party analysis of the incident will be completed. Gordbek also mentioned that discussions regarding compensation for the service disruption will be conducted at a later date, but stated that there is no evidence of data being stolen or lost.
A representative from NHS England confirmed that they are aware of the incident affecting a small number of ambulance services. The NHS cybersecurity center is working with the affected organizations, conducting an investigation in collaboration with law enforcement agencies, and assisting suppliers in restoring the system’s functionality.