Advanced has hired Mandiant and Microsoft DART (Detection and Response Team) to perform forensics and "ensure that our systems are brought back online securely with enhanced protections," the cloud MSP stated. However, a complete restore may take the entire month of August or so, Advanced indicated.
The fallout impacted patient referral systems, ambulance dispatch management, and after-hours patient booking and emergency prescriptions, multiple reports assert.
Advanced: UK Cloud Application Provider, MSP Business Details
According to an Advanced FAQ about the cyberattack, the impacted software applications and managed IT services include:
- Adastra – a clinical patient management software system that supports 40 million patients;
- Caresys – a care home management software that helps over 1,000 care organizations;
- Carenotes – an electronic patient record software used by over 40,000 clinicians;
- Crosscare – a clinical management system for hospices and private practice used by over 70 adult and children’s hospices across the UK; and
- Staffplan – a care management software that supports over 1,000 care organizations.
Advanced, backed by private equity firm BC Partners since 2019, is a large, tempting target for hackers and ransomware groups. The company, based in Birmingham, England, offers ERP (enterprise resource planning), vertical market applications and associated IT services to more than 25,000 customers. Key customers include the NHS, the Department for Work and Pensions (DWP), London City Airport, Virgin Money, Caffè Nero, Harvey Nichols, the Woodland Trust and Norwich City Council.
CISA, FBI, UK Repeatedly Issue Ransomware Attack Warnings to MSPs
CISA, the FBI and UK authorities have repeatedly warned MSPs about inbound cyberattacks. The latest joint warning, issued in May 2022, included 12 tips to help MSPs reduce the risk of ransomware attacks. Separately, Microsoft issued a ransomware warning to small businesses and their IT service providers in July 2022.
Blog originally posted August 7, 2022. Updated regularly thereafter with ransomware attack recovery updates.