Cyber-attack: one week on

Posted by Steve Marriott on 19-May-2017 13:48:30


This time last week reports were coming in of a major cyber-attack on the NHS. Nearly all GP practices using Vision were unaffected due to established security measures.

Vision provides a hosted service that is used by over 80% of its GP customers in England and all GPs using the system in Wales. The services are built to the highest standard required by the NHS to protect patient data from cyber-attacks.

During the recent WannaCry cyber-attack Vision's security policies protected hundreds of thousands of patient records and allowed the GP practices using the hosting services to continue working, where local infrastructure had not been compromised. This allowed GPs to continue with their normal activities with minimal risk and disruption to patient care.

Emergency measures

Jeff Pike, Vision's Director of Enterprise Solutions, described the company's response; "During the initial outbreak, we acted quickly to implement emergency measures to isolate the hosted services from potential sources of infection as part of our Cyber Defence and Major Incident policies. Although we were confident existing measures would have stopped the virus spreading, at the time it was not clear how it was spreading. In fact, we had to treat this as a 'zero day exploit' until we knew more about it. 'Zero day exploits' are viruses that have not been identified by software vendors or anti-virus companies, and therefore have no known mitigation.

We looked at all possible sources of infection and closed them within one hour of learning about the attack, whilst maintaining GP access to clinical data so they could run their surgeries. As time went on we learned the source of the attack was the WannaCry virus. Knowing this allowed us to target our response and quickly remove any restrictions.

By Monday 15th May we had a full service in Wales and the English service followed quickly. Where local workstations had not been affected GPs had access to the hosted service and more importantly patient data."

Robust and resilient hosted services, that are managed centrally by network and security experts, offer many benefits to GP practices including the best possible protection against malicious attacks.

Vision Anywhere - not just for mobile access

Vision Anywhere is the innovative app for iPhones and iPads, Android devices and Windows that is primarily designed for mobile working. It also offers an alternative route to view and add to patient records, and prescribe too, if the main clinical system at the practice is unavailable. We noticed that on Friday 12th May (the day of the cyber-attack) Vision Anywhere had its busiest day ever, with more than twice as many practices as normal using the app during the day.

To find out how to start using Vision Anywhere, either for mobile access to records or as a business continuity solution, please click the link below.

Get started with Vision Anywhere


Most articles claim 90% of phishing attacks are due to malicious email attachments where users are tricked into opening the attachment, which installs or downloads the virus. This was not the case with WannaCry and there was no way an NHS end-user could have avoided this if their local IT infrastructure was on an old operating system or anti-virus libraries were not up to date.

Our advice about malicious emails is still good advice: Be vigilant. Don't open suspicious emails from people you don't recognise and don't open any attachments within them.

Topics: Mobile Working, Security

Introduction to Population Level Healthcare Management

Search Vision

Recent Posts

Subscribe to our Blog