contact us

Use the form on the right to contact our team.

You can contact us to arrange a demo of PatientSource where we can show you what we can do to help your healthcare organisation.

We are always happy to hear from you and look forward to working with you.

Name *
Name

Cambridge
CB4 2UN

01223 851273

News

PatientSource's News and Blog

NHS hit with ransomware - PatientSource not affected

Dr Michael Brooks

At least 40 NHS Trusts and hundreds of GP Practices have shut down their IT systems after being hit with ransomware today (12th May 2017). We would like to reassure our users that PatientSource is immune to these attacks.

If you have unpatched Windows systems which are affected, please see below for instructions on how to recover from WannaCrypt.

Hospitals running PatientSource are still able to access their full PatientSource system. PatientSource is cross-platform and can accessed via any modern web browser, which means that even if all of a hospital's internal Windows computers are infected, their PatientSource system can still be accessed by their non-Windows computers, tablets and smartphones. PatientSource uses security-hardened Linux servers with daily patching so is not vulnerable.

It is safer to have patient data stored on professionally maintained, up to date cloud infrastructure, such as PatientSource hosted on Microsoft's Azure, than in on-premises hospital networks which may have unpatched vulnerable systems.

PatientSource is immune to WannaCrypt. Picture of the ransomware popup. Source: @fendifille (Twitter)

PatientSource is immune to WannaCrypt. Picture of the ransomware popup. Source: @fendifille (Twitter)

The outbreak:

The malware responsible for the 12th May ransomware outbreak was WannaCrypt (.WCRY). .WCRY was first seen in February 2017 in the wild in Europe. A second variant appeared today (12th May 2017) rapidly spreading across Europe. Telefonica, the Spanish ISP was particularly affected. At some point in the afternoon, WannaCryptor reached central NHS servers and began spreading to GP Practices and hospitals.

All versions of Windows and Windows Server which have not received Microsoft's March 2017 patch MS17-010 are vulnerable.

How WannaCrypt works:

WannaCrypt spreads across vulnerable Windows servers and terminals. Once a machine is infected, it begins encrypting files and folders which can only be recovered by decrypting them again with the correct key. WanaDeCryptor throws up a screen demanding a ransom paid in Bitcoins in order to obtain the key to decrypt your files.

Files are encrypted using the symmetric encryption cipher AES 128-bit. AES is the industry standard symmetric encryption technology, which at 128 bit key length would take even a supercomputer 1 billion billion years to crack. AES is a useful technology for protecting data from unauthorised access, however WannaCrypt abuses it to lock away files from their rightful owners until a ransom is paid.

The vector for spreading WannaCrypt is thought to be the Windows SMB (Server Message Block) protocol. SMB allows users to share files and folders across a network. Once the malware has reached a new Windows Server or Windows computer, it exploits a vulnerability in the Windows Malware Detection service to execute. The malware then begins searching the hard drives and shared network folders, encrypting any non-system file it encounters.

Affected operating systems:

  • Microsoft Windows: XP, Vista, 8, 8.1, 10
  • Windows Server: 2003, 2008, 2008 R2, 2012, 2012 R2, 2016

Why the NHS has been affected:

Much of the NHS still runs on-premises servers. With increasing pressure on NHS finances, many hospital Trusts do not have sufficient numbers of in-house IT staff to keep all their servers up to date with daily patches. Many NHS Trusts are running unsupported end-of-life operating systems such as Windows XP and Windows 2003 due to budgetary constraints.

It is much safer to keep patient data on an ISO27001 certified professionally-maintained cloud service such as PatientSource hosted on Microsoft’s Azure infrastructure, than on hospital premises where there may be unpatched systems. 

How to recover from a WannaCrypt attack:

You can restore your systems in the following manner (requires administrative privileges):

1) Reboot the affected Windows terminal or Server in "Safe Mode with Networking".

2) Download and apply the MS12 010 patch which was originally released in March. Windows Update will automatically fetch this for you if switched on.

3) Download and run Windows Defender. Fetch the latest definitions first which will pull in detections for Ransom: Win32/WannaCrypt. Run a full scan.

4) Reboot.

5) Restore your non-system files from your most recent backups, if you have them.

At the moment, there is no known flaw in the WannaCrypt encryption routine. Security researchers are working hard to find a flaw. If one is found, this may allow us to break the WannaCrypt encryption and provide a program for users to decrypt their affected files.

We advise you not to pay the ransom. Not only will paying the ransom fuel more crimes like the WannaCrypt outbreak, you are also likely to end up on a list of people who are willing to pay, thus will be targeted in future attacks.

 

Need help?

PatientSource Ltd is providing healthcare organisations with low-cost expert IT help to recover from ransomware attacks and to harden their systems against future attacks. Please Contact Us if you are affected. PatientSource systems are already immune to this attack.

 

Updated 2017-05-13 10:10 UTC: Amended the total number of NHS organisations affected. Added instructions for how to remove the ransomware.

PatientSource could save the average NHS Trust £16.5m per year

Hamilton Morrin

As the age of paper-based patient record systems comes to an end, a number of electronic patient record systems have emerged as potential alternatives. However, almost all to date have come with their own share of problems and difficulties which negatively impact upon the ability of healthcare professionals to provide the care that patients deserve on a day-to-day basis.

As PatientSource has been developed by doctors & nurses with years of experience in providing frontline care we believe that PatientSource avoids the pitfalls encountered by legacy electronic patient record systems through its intuitive nature and resemblance to traditional paper charts whilst also standing out due to its innovative cloud-based structure and tablet-compatibility.

What’s more, we estimate that PatientSource could potentially save the average NHS Trust £16.5m per year. That translates to ~4.7% of the average NHS Trust’s annual budget. If you’d like to learn more then feel free to visit www.patientsource.co.uk and check out our online demo!

Read More

PatientSource at EHI Live and Patient First 2015

Phil Ashworth

We've been very busy the last few weeks showing off our latest developments at the EHI Live and Patient First conferences in London and Birmingham. We're extremely grateful to our partners, Microsoft and Tech UK who hosted us during each of the two day conferences.

PatientSource in the Microsoft Partners' Village at EHI Live 2015

PatientSource brings all the benefits of Electronic Patient Records right to the bedside on tablet computers

At PatientFirst, our lead clinician Dr. Michael Brooks couldn't help but draw attention to himself as he showcased the user friendly clinical features.

Even Mr T wanted to get in on the action!


TechUK Interoperability Charter

Edward Moffett

PatientSource is committed to improving how healthcare data and is always looking for additional means to support data sharing. When we heard about TechUK's initiative to introduce an Interoperability Charter we were keen to demonstrate that we shared the values it espouses and were one of the first organisations to sign the charter. 

Suppliers will be committing to five key principles:

  1. We will make available to other suppliers, the NHS and Local Authorities, the technical specifications of our interfaces without charge.
  2. Where there is customer demand we agree to co-operate without charge with other suppliers in developing interfaces.
  3. We will not reinvent the wheel and will use internationally recognised standards where relevant.
  4. We will only charge reasonable and proportionate fees to the end user organisation for Licensing, Implementation and Support services required for the interfaces.
  5. Where new interfaces or enhancements to existing interfaces are required, we will not charge twice for the same software development.

In return for these new principles of interoperability we ask that the NHS and Local Government reciprocate by guaranteeing that: 

  1. Nationally defined interoperability standards are based on internationally recognised standards and upon pragmatic, real-world requirements driven by business needs, in partnership with appropriate industry bodies such as techUK.
  2. Where accreditation or compliance testing is deemed necessary it will be kept lighttouch, proportionate, open to all, adequately resourced, and free.

To find out more about the charter, please visit the TechUK website