An East London health foundation believes there is “no evidence” its patients’ data was stolen during a cyberattack – but their financial systems were affected.
On August 4th, hackers carried out a ransomware attack on Advanced, a software company that provides services to the North East London Foundation Trust (NELFT).
The attack affected the NHS 111 helpline, GP surgeries and mental health trusts such as NELFT.
However, according to minutes of the NELFT board meeting days after the August attack, patient data was not compromised as Advanced shut down its systems “very promptly”.
During the meeting, board members discussed the cyberattack but were told that although financial systems were affected, there was “no evidence that data was compromised by NELFT”.
Finance director Malcolm Young told the board the systems were “cleaned, secure and could be back up and running as soon as possible” without impacting clinical services.
Board minutes show that NELFT suffered a “reduced cash balance” from the “phasing of debtors” after its ability to make payments was reduced in July and August.
According to a recent report in the newspaper “i”, 12 mental health foundations with tens of thousands of patients in Advanced’s Carenotes patient record system may still be affected.
A spokesman for Advanced told ‘i’ that the recovery process took “longer than expected” but backups from August 3 are available.
Documents from NELFT’s November board meeting show the trust has since reviewed the speed of its response to cyberattacks in monthly ‘tabletop’ exercises run by the NHS.
For most months, the Trust responded within the best practice time of 10 minutes, although in September of this year it responded within 22 minutes.
NELFT has been contacted for comment but has not responded at the time of publication.