Comments on: Client data exfiltrated in Advanced NHS cyber attack
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/
News | Networks | Intelligence

By: Dave Kelsall
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-113351
Sat, 05 Nov 2022 10:22:39 +0000
In reply to Rob Dyke.

CareNotes was originally developed by a small enterprise down a country lane in NW England. Like so many other SMEs they were swallowed up by a bigger fish.
Was “sweating the assets” an issue here?
It would be interesting to know how far down the Cyber Essentials path Advanced have travelled and how Trusts managed to procure a product which, by Advanced’s own admission via their press statements, appears to have been non-compliant with basic IT security protocols.

By: Ex NHS Techie
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-113347
Sat, 05 Nov 2022 10:11:40 +0000
In reply to Blah blah blah.

You nasty little troll. Autism Matters is one of my favourite charities – please don’t sully their name through association with your ignorant and bigoted remarks.
This was a massive failure by a private sector company who have let down thousands of patients, including many service users who are on the spectrum.

By: Ian
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111873
Sat, 15 Oct 2022 02:39:16 +0000
In reply to A supplier.

It was the system supplier/host that was hacked. Not the NHS. Just another example of the private sector doing things more efficiently (eye roll). Next time you need the NHS be sure to let the staff know you’d like your claps back. I’m sure they will happily give you a quick round of applause rather than treat you.

By: Janey
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111865
Fri, 14 Oct 2022 23:30:49 +0000
In reply to Not buying it.

It’s not really happening. It’s an excuse for NHS and the care sector to ask for even more funding. They would bleed a well dry if they could.

By: Blah blah blah
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111863
Fri, 14 Oct 2022 23:24:15 +0000

More like an excuse for the NHS to ask for more funding, when they’ve already been getting plenty of funding for years. I don’t feel sorry at all for care workers. A lot of the British public [including me] are regretting clapping for carers. Was a waste of time. Don’t believe the NHS or social care when they say they need more funding. What when the time comes when the government don’t have enough money to keep funding social care anymore? The only true official care charity is called ‘Autism Matters’, and the other one is ‘CarersUK’. I’m absolutely done, mentally exhausted, from hearing about care and the NHS.

By: A supplier
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111723
Thu, 13 Oct 2022 16:59:54 +0000

Embarrassing for all of us working in this industry

By: Rob Dyke
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111721
Thu, 13 Oct 2022 16:13:29 +0000

Advanced are pushing the delay hard onto NHS Digital (who have responsibility for cyber security) and NHS England (‘Gold Command’ on this incident) – however Advanced should have been aware of these assurance requirements and have included them in business continuity planning. Have suppliers really learned nothing from Wannacrypt, the HSE IE event, the Copeland incident in 2017? Each of those incidents involved catastrophic destruction of environments. It is staggering that an ‘Advanced’ organisation – one that provides Managed Security Services no less! – has not run complete DR and business continuity tests with its customers and other key stakeholders.

Advanced host a number of near-critical national infrastructure in NHS111, and mission critical applications for NHS and Social Care. I’m staggered that 6 years on from the Copeland incident, customers are left without applications because a key supplier was woefully unprepared for a cyber incident of this nature.

By: Not buying it
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111719
Thu, 13 Oct 2022 16:11:51 +0000
In reply to Anon.

Given the pressure from the EPRR team to get operating again it seems unlikely that they would have allowed assurance to cause such a delay. Smells a bit fishy.

By: A lockbit user
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111709
Thu, 13 Oct 2022 14:53:18 +0000

Rumours in the market suggest that Advanced paid the ransom – is this true and if so how much was it?

By: A concerned professional
https://www.digitalhealth.net/2022/10/client-data-exfiltrated-advanced-nhs-cyber-attack/#comment-111701
Thu, 13 Oct 2022 14:25:51 +0000

Wow, a lot to unpack here.

First of all, I feel so sorry for all of the care workers and patients impacted by this. It is now 10 weeks since Advanced noticed the intruders in their system (it sounds like they noticed when the intruders fired off ransomware). The intruders are stated to have been inside Advanced’s infrastructure for at least two days – time enough to extract confidential patient data and download it and move laterally inside the network. Let’s think about that for a second – they connected to Staffplan, a system made available over the public internet – and made their way into what should have been an entirely segregated set of systems connected to HSCN. Wow.

Now let’s think about the return to service of some of these products. Carenotes has required to be rebuilt entirely. A new configuration. Where are the backups? Retrospective clinical records are being imported into the new configuration. Shocking.

Adastra, a clinical system which is often sold with very high availability (99.99% or greater) is still only available to 9 out of every 10 customers.
Staffplan, which is the core to many domiciliary care providers’ services and their ability to help their service users and demonstrate compliance to payers will have a limited Minimum Viable Product only tomorrow.

It is hard to think how the management of this outage could have been poorer.

A service interruption to these products would have been poor if it had been measured in single digit days. The fall-out and interrupted service delivery will certainly stretch over 100 days and Advanced deserves to lose their entire health and care customer base. And customers of other products in their broad portfolio should take notice too! These systems were once an exemplar for customer service and functionality and now will just be a textbook example of how under-investment and lack of general care will eventually catch up with you.
