Incident Spotlights Vendor Risk and Criticality of Business Continuity Plans Marianne Kolbasuk McGee (HealthInfoSec) • August 8, 2022 A notice on the NHS Oxford Health website is warning the public of service problems linked to the 111 software outage.
The U.K. urgent healthcare helpline is in its fourth day of degraded service following a Thursday cyberattack against a key service provider.
The outage stems from Birmingham software vendor Advanced, which contracts with the British government to provide digital services for the NHS 111. The outage is expected to last at least until Tuesday at the earliest, reports U.K. news site Metro.
The incident, which forced the NHS to fall back on deploying its various business continuity processes, serves as a reminder for the healthcare sector to be prepared to deal with its own cybersecurity surprises and also with highly disruptive incidents involving critical third parties (see: Reports: NHS Dealing with IT Outages Due to Cyber Incident).
“Know your vendors. Know their vendors. Communicate with all of them regularly. Train side by side for emergencies,” says attorney Erik Weinick, co-founder of New York-based law firm Otterbourg’s privacy and cybersecurity practice.
“Ultimately, you are part of the same ‘network’ and what impacts one, impacts the others. Check your agreements. Understand who is