Update on the recent external cyber incident from the Digitising Social Care Team in the NHS Transformation Directorate

Update on the recent external cyber incident from the Digitising Social Care Team in the NHS Transformation Directorate

As you will have read in the media, Advanced, a third-party software supplier, has advised the NHS that they have been subject to an external cyber incident. In an update posted on their website, they confirmed that this was the result of a ransomware attack.

We understand that the following services, which are used by some adult social care providers, have been impacted by the incident, namely:

  • Caresys – a care home management software
  • Carenotes – an electronic patient record software
  • Staffplan – a care management software
  • eFinancials – a financial management system

Advanced has also published updates for each affected service on their website.

While an investigation is carried out Advanced has isolated all services and taken them offline to mitigate the risk of further impact. The National Cyber Security Centre (NCSC) is supporting Advanced with the investigation and response to the cyber-attack.

There is an ongoing investigation into the incident both looking at the cause and potential impacts around cyber and data security. Advanced has advised

“With respect to potentially impacted data, our investigation is underway, and when we have more information about potential data access or exfiltration, we will update customers as appropriate.  Additionally, we will comply with applicable notification obligations.”

We are working closely with our stakeholders in the Social Care Sector in order to understand which providers have been impacted by this incident. We will publish updated information through Digital Social Care as well as through other sector networks when we have it.


What to do if you are a provider affected by this incident?
  • Please contact us so that we can monitor the impact of the event, provide any additional information and also where relevant suggest how the operational impact can be mitigated
  • If your organisation completes the Data Security and Protection Toolkit, you should report incidents within the Toolkit. The tool allows reporting in one place and details are passed by NHS Digital to the Information Commissioner’s Office (ICO) where required.  Further information on reporting breaches is on the IG Portal


What should care providers be doing to protect themselves?
  • As a care provider, you should use the Data Security and Protection Toolkit(DSPT) to assess your data security compliance. Completing the Toolkit to Standards Met is the minimum compliance level that health and social care organisations must meet to access shared information though services such as Digital Social Care Records or proxy access. Better Security, Better Care is the free national and local support programme to help care providers to understand their responsibilities, and to complete the DSPT. We are helping to coordinate this programme and strongly recommend that you access this support.
  • Our Cyber Security Guidance pages also provide lots of helpful information for providers to help protect themselves from a cyber incident
  • The National Cyber Security Centre (NCSC) has produced guidance to help private and public sector organisations deal with the effects of malware (which includes ransomware). Following this guidance will reduce the likelihood of becoming infected, the spread of malware throughout your organisation and the impact of the infection



Photo by Adi Goldstein on Unsplash

Back to News