Advanced, a major NHS IT provider, confirmed a ransomware attack on its IT systems. The attack was first detected at 07:00 BST on 4 August, and Advanced immediately took steps to keep the hackers at bay.
The NHS is the publicly funded health service in England and one of the four National Health Service systems in the United Kingdom.
Although the NHS insists the disruption remains minimal, Advanced did not specify whether NHS data had been stolen or whether it was negotiating with hackers or planning to pay a ransom.
The company said it was now working to restore compromised services. Advanced said it could take three to four weeks to fully recover, after previously stating that only a “small number of servers” had been affected and that it could recover in a week.
Products affected by the attack include Adastra, which is mainly used by the NHS 111 service, and Caresys and Carenotes, which form the backbone for care home services such as patient notes and visitor bookings.
The National Cyber Security Centre, which is part of GCHQ, claims it is working with Advanced to help it recover.
“Ransomware is the key cyber-threat facing the U.K. and all organizations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks,” a spokesman said.