Connect with us


NHS cyber attack: The patient records which may never be found

Avatar photo



A total of 12 mental health trusts have reported that they still can’t access patient records, months after the latest cyber attack on the NHS. Is it looking like some records won’t be recovered?

There are 12 mental health trusts which are still unable to access important patient data as a result of the huge August cyber attacks on the NHS.

Despite now being close to November, the aftermath of the attacks, which shook ambulance dispatch, the 111 line, and patient prescriptions, is still very much evident, and is still affecting both patients and professionals. 

As reported by Health Tech World – the biggest cyber attack since Wannacry hit at the end of the summer, prompting calls for “urgent” increases in security. 

Despite the fact that experts warned the attacks will “just keep coming” unless more money is spent on security, there’s been no sign of this happening so far. 

Patient records  – the aftermath 

As it turns out, the trust which are dependent on CareNotes EPR software have been unable to use the system since the attack – and it’s left them with a wall between them and patient records. 

Though it has been reported it may become accessible in 2023, there is now doubt over whether or not patient records will be redeemed at all. 

The trusts which use the software, and therefore can’t access records, are:

The 12 trusts that had been running CareNotes are: 

  • South London and Maudsley NHS Foundation Trust 
  • Coventry and Warwickshire Partnership NHS Trust 
  • Camden and Islington NHS Foundation Trust
  • Mersey Care NHS Foundation Trust 
  • Cheshire and Wirral Partnership NHS Foundation Trust 
  • Devon Partnership NHS Trust 
  • Oxford Health NHS Foundation Trust 
  • Tavistock and Portman NHS Foundation Trust 
  • Camden and Islington NHS Foundation Trust 
  • Herefordshire and Worcestershire Health and Care NHS Trust 
  • Sussex Partnership NHS Foundation Trust
  • Norfolk and Suffolk NHS Foundation Trust 

From “serious” to “critical”

Meeting board papers from Oxford Health NHS Foundation Trust mention the loss of CareNotes access from early August. Though it was first classed as a “serious incident”, it has since been increased to “critical”.

And papers from Camden and Islington NHS Foundation Trust read: “From early August, the Trust’s electronic patient record, known as CareNotes, has not been available.

“This is part of a wider national issue with the system provider, Advanced, being subject to a ransomware attack, which led to a national decision to suspend many of the systems it provides across the NHS and beyond.

“This incident has affected many other NHS organisations nationally and is being coordinated by NHS England at national level.” 

Patient health at risk 

The disruption has resulted in more than lost patient data. There have also been reports of incorrect drug doses, and disruption to regular prescriptions. Patient health, and as some have even said, patient lives are at risk. 

That’s not to mention the staff at the NHS who are already crippled under demand and lack of professionals, who were then forced to deal with huge disruption and uncertainty. 

Digital forensics expert Eliza-May Austin said she was sure the attacks would mean a risk to human life. 

She said: “There are a number of incentives to attack healthcare, whether it’s damage and disruption to people and services, loss of life or data theft –  the medical sector is a highly sought-after industry for exploitation. 

“If an attacker were to successfully compromise hospital networks or the systems they rely on there’s a risk that it could lead to a loss of life.”

Don’t miss…

Ready patient one: The healthcare metaverse is coming

Continue Reading


  1. Pingback: Orion Health appoints new global chief executive | Health Tech World

  2. Pingback: Our plan for patients’ is also a plan for GPs | Health Tech World

  3. Pingback: Imprivata honours healthcare leaders and innovators at HealthCon

  4. Pingback: Brainomix teams up with Pixyl to expand MS offering

  5. Pingback: OpenRad launches Enterprise remote reporting platform

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending stories