Two ambulance services in UK lost access to patient records after a cyber attack on software provider

Swedish software firm Ortivus suffered a cyberattack that has resulted in at least two British ambulance services losing access to electronic patient records.

Two British ambulance services were not able to access electronic patient records after a cyber attack that hit their software provider Ortivus.

Ortivus was a Swedish software company specializing in providing solutions for the healthcare and medical industry. They focused on developing technology for electronic patient record systems and related medical data management applications.

The company explained that the attack took place on the evening of 18 July, 2023, and the incident impacted UK customer systems within its hosted datacenter environment.

“The electronic patient records are currently unavailable and are until further notice handled using manual systems. No patients have been directly affected. No other systems have been attacked and no customers outside of those in the hosted datacenter have been affected.” reads the advisory. “Ortivus are currently working in close collaboration with the affected customers to restore the systems and recover data. The affected customers are the ones using MobiMed ePR, electronic patient record systems in a hosted environment.”

The company confirmed that they were forced to hand patient data using manual systems.

The company did not share details about the attack, it also informed customers that notified the authorities. 

Ortivus CEO Reidar Gårdebäck told The Register that the alternative system was ready within 24 hours of the attack. Gårdebäck also added that they have no evidence that threat actors have stolen customers’ data.

“Our focus now is just to restore the services and we’re doing everything we can, with all our resources, to get the system up and running again. The discussion regarding compensation will be done later on,” he said.

“We have no indication that any data has been stolen or lost. Of course, we are monitoring that.”

The company did not reveal the name of the impacted ambulance services, however, El Register revealed that they are South Western Ambulance Service Trust and South Central Ambulance Service Trust. Both organizations moved to a hosted environment for Ortivus’s MobiMed software following an agreement signed in 2020. The two services serve a permanent population of around 12 million people.

On July 20, 2023, Ortivus announced that it was ready to initiate MobiMed ePR, electronic patients records for the British customers that got affected during the recent cyberattack.

“Ortivus can announce that the MobiMed ePR system that was hit by the previously reported cyber-attack is ready to be re-initiated for the affected customers as an interim live environment has been constructed using new equipment. Before the system can be brought into operation it has to be approved and verified by an independent actor to ensure that the system meets certain criteria indicated by NHS England and the Ambulance Trusts. This external analysis is ongoing and is expected to be finished at the beginning of next week.” reads the announcement. “Meanwhile, paramedics can use the MobiMed ePR application locally on their computers. However, they will not be able to import or export patient data before the approval has been received.”

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ambulance services)