Adastra Security Incident Updates

Status Update - 29th Sept 2022

Adastra now has 78% of all hosted sites back online. We continue to work with customers to ensure a smooth reconnection process and restore Adastra's remaining features.


 

Status Update - 16th Sept 2022

Adastra now has more than 50% of sites back online with another 21 booked for testing over the next two weeks. We are working with these customers to ensure a smooth reconnection process and are addressing any issues as they arise. 

Alongside the reconnection of all NHS 111 services in England, some of our Adastra OOH Customers have started to reconnect, and we continue to work with those providers to plan for reconnection. OOH providers who have Board Approval to reconnect should raise a ticket with our Customer Support Team to request a reconnection slot.


 

Status Update - 2nd Sept 2022

Since Monday 22 August we have been making good progress with bringing Adastra customers back online. 

The order in which we have approached this was set by the NHS England EPRR Incident Management Team who communicated this to all users. 

We now have 14 customers live with a further 4 in testing completing the restoration for NHS 111 in England. 

For Scotland NHS we have ongoing discussions about the restoration of their services. 

Alongside the reconnection of NHS 111 services in England some of our Adastra OOH Customers have started to reconnect and we continue to work with those providers to plan for reconnection.  OOH providers who have Board Approval to reconnect should raise a ticket with our Customer Support Team to request a reconnection slot.


 

Status Update - 19th Aug 2022

Recovery Update

For NHS 111 customers using Adastra we have now completed our internal security assurance activity and will be sharing evidence with NHS and NCSC for review. Once the evidence provides a high confidence level this will be communicated through via the NHS England EPRR incident management team and customers will be able to reconnect in line with the process set out by NHS England. Monday next week we will be moving forward with the phased process of bringing these organisations back online. The order in which providers reconnect to Adastra is being set by the NHS England EPRR Incident Management Team, which has communicated its process to all relevant users.  For our Adastra OOH Customers, we will be working to share a more detailed recovery plan next week.

Forensic Investigation

Our forensic investigation is progressing in line with our timeline and plan. We are now building a much clearer picture of the incident’s root-cause and will soon be in a position to confirm and share Indicators of Compromise (IOCs) with customers on request. In parallel, our third-party experts are well advanced in their investigation into any potential data impact as a result of the incident. We will update customers as appropriate and comply with any applicable notification obligations.

We recognise that this has been a challenging time for our customers, and we appreciate your patience and understanding as we work to recover from this attack. We continue to prioritise the safety and security in all of our decision making and are approaching this restoration process with diligence and rigour.


 

 

Status Update - 15th Aug 2022

We have continued to work over the weekend and today to move towards the phased return of NHS 111 services and are in the final stages of providing the NHS and the NCSC with the necessary assurances to restore services.

Our restoration efforts related to Adastra OOH, as well as Adastra Wales and Scotland are also moving forward. We are making progress rebuilding certain infrastructure that will be critical to bringing these services back online, including close collaboration with relevant NHS security teams.

Once again, to recap our ongoing efforts, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For our non-hosted Adastra customers the software architecture has not changed.  There have been no security updates required by the application and so there is no need for non-hosted Adastra customers to upgrade, patch or alter any existing installations at this time.


 

Status Update - 12th Aug 2022

We believe we are still on track for the phased return of NHS 111 to service to begin in the next few days.

Our forensic investigation into the Adastra infrastructure is still ongoing. We are currently testing our 111 backend rebuild and continue to work with the NHSE and NCSC to complete the final necessary steps before restoring service.

As we continue to progress, the phased manner in which we will stand up NHS 111 services will be guided by a prioritisation we will agree with the NHS.

Our restoration efforts related to Adastra OOH, as well as Adastra Wales and Scotland continue to progress, and we are rebuilding certain infrastructure that will be critical to bringing these services back online.

Once again, to recap our ongoing efforts, we have implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For NHS 111 we anticipate the phased return to service will begin in the next few days. 


 

Status Update - 11th Aug 2022

Our forensic investigation into the Adastra infrastructure is ongoing. As an initial milestone, our rebuild of the Adastra 111 backend is complete, and we are currently working with the NHSE and NCSC to complete the final steps on assurance before restoring service.

The phasing in which we will stand up NHS 111 services has been identified based on the prioritisation we have been provided with by the NHS.

We are also making progress on our restoration efforts related to Adastra OOH, as well as Adastra Wales and Scotland, and are rebuilding certain infrastructure that will be critical to bringing these services back online.

To recap yesterday’s update, we have also implemented a defined process by which all environments will be systematically checked prior to securely bringing them online. This process includes:

  • Implementing additional blocking rules and further restricting privileged accounts for Advanced staff;
  • Scanning all impacted systems and ensuring they are fully patched;
  • Resetting credentials;
  • Deploying additional endpoint detection and response agents; and
  • Conducting 24/7 monitoring.

Once these measures have been taken, we will bring environments online and assist customers in reconnecting safely and securely as part of a phased return to service.

For NHS 111 and other Adastra customers, we anticipate the phased return to service to begin in the next few days.

If you do have any specific questions please contact Advanced in the regular way either via your Account Manager or Support Team.