NRS Healthcare experienced a cyber attack, but may have waited a month before informing potentially affected parties.
Councils across the UK are on alert after a health equipment supplier suffered a cybersecurity incident. amid warnings that there could be an impact upon data.
In a statement NRS Healthcare confirmed that it experienced a “cybersecurity incident” at the start of April and while this disrupted services and resulted in their website and phone lines being taken down, the company apologised and said it continues “to work tirelessly to restore full functionality safely and swiftly and to minimise disruption for service users, commissioners and prescribers.”
Taking Business Offline
The company said that upon identifying the cybersecurity incident, all systems were immediately taken offline and its business continuity plan was implemented.
“We are taking this incident very seriously,” the company said. “The NRS Healthcare team has been working tirelessly to restore our services following the cybersecurity incident. In parallel, external forensic IT specialists have been working to understand precisely what has happened, as quickly as possible.
“This is a complex process and NRS Healthcare will reach out to stakeholders when there is sufficient information.”
Local Warnings
However a number of councils have issued warnings about the potential impact of the incident, as NRS Healthcare is a provider of medical equipment and there could be a supply chain incident.
A Camden Council spokesperson told This is Local London that it is working alongside its partners to liaise with NRS about the attack, “and our data protection teams are closely monitoring the situation to establish what data, if any, has been compromised.”
Other councils such as Waltham Forest and East Lothian have issued caution instructions on suspicious emails and documents, while details from Buckinghamshire revealed on 7th May “that data had been taken during this attack.”
William Wright, CEO of Closed Door Security, noted the long delay between when the attack happened in early April to notifying customers and partners a month later. “This is a long delay, which potentially means residents across the UK have had their data lying in the hands of a dangerous ransomware group for many weeks,” he said.
“NRS Healthcare has a duty to provide information on this attack as a priority. If the data of councils across the UK has been compromised, these victims must be aware of this so they can take necessary steps to protect themselves online.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.