Cyber attack on Ortivus' UK network impacts multiple NHS ambulance trusts' operations

Swedish medical technology solutions provider Ortivus said it suffered a significant cyber attack on 18th July that disrupted operations at several NHS ambulance trusts.

Founded in 1985, Ortivus is a leading provider of mobile digital solutions for prehospital care worldwide. The company’s flagship product, MobiMed, is used by over 12,000 paramedics in over 2,700 emergency vehicles and enables monitoring and measurement of patients’ vital parameters, such as ECG, blood pressure, and blood oxygenation in real-time.

Ortivus is headquartered in Danderyd, Stockholm, and since 1998 also runs a wholly-owned subsidiary based in the United Kingdom.

In a notice on its website, Ortivus said that it suffered a cyber attack on 18th July that affected its computer systems in the UK. The cyber attack, which affected parts of Ortivus’ internal network, forced it to perform certain operations manually.

“The electronic patient records are currently unavailable and are until further notice handled using manual systems. No other systems have been attacked and no customers outside of those in the hosted datacentre have been affected,” Ortivus said.

Ortivus has confirmed that no patients have been directly affected by the security incident.

“Ortivus are currently working in close collaboration with the affected customers to restore the systems and recover data. The affected customers are the ones using MobiMed ePR, electronic patient record systems in a hosted environment,” the company added.

According to The Register, at least two ambulance services in the UK, South Western Ambulance Service Trust and South Central Ambulance Service Trust, who used the MobiMed software since 2020, were affected by the cyber attack.

In a statement shared with the media, an NHS England spokesperson said, “We are aware of an incident affecting a small number of ambulance services. Our Cyber Security Operations Centre is working with affected organisations to investigate, alongside law enforcement colleagues, and supporting suppliers as they work to reconnect the system.”

In a separate notice, Ortivus said that it had readied an alternative software by 20th July and is now waiting for final approval from the NHS authorities to put it into operation.

“Ortivus can announce that the MobiMed ePR system that was hit by the previously reported cyber-attack is ready to be re-initiated for the affected customers as an interim live environment has been constructed using new equipment. 

 

“Before the system can be brought into operation it has to be approved and verified by an independent actor to ensure that the system meets certain criteria indicated by NHS England and the Ambulance Trusts,” the company said.

Ortivus said it has launched an investigation to identify the threat actor behind the cyber attack but did not share details on the nature of the security incident.

Commenting on the news, Javvad Malik, lead security awareness advocate at KnowBe4, said, “This isn’t the first time the NHS or healthcare providers in the UK have suffered because of a cyber attack. It highlights the ongoing importance of healthcare providers investing in robust and resilient cybersecurity controls.

“In many healthcare organisations around the world, cybersecurity is often not a priority, however, the impact of any attack is extremely profound. In most cases, we see cyber attacks being successful through either phishing emails, unpatched software being exploited, or weak credentials such as reused or easily guessable passwords or the lack of multi-factor authentication.

“If healthcare providers focused on these as a priority, it would prevent the vast majority of attacks,” Malik added.