A cyberattack that has caused a major outage of NHS IT systems is expected to last for more than three weeks, leaving doctors unable to see patients’ notes, The Rustwire has learned.
Mental health trusts across the country will be left unable to access patient notes for weeks, and possibly months.
Oxford Health NHS Foundation Trust has declared a critical incident over the outage, which is believed to affect dozens of trusts, and has told staff it is putting emergency plans in place.
One NHS trust chief said the situation could possibly last for “months” with several mental health trusts, and there was concern among leaders that the problem is not being prioritised.
In an email to staff, Oxford Health NHS Foundation Trust chief executive Nick Broughton, said: “The cyberattack targeted systems used to refer patients for care, including ambulances being dispatched, out of hours appointment bookings, triage, out of hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust.
“We have now been advised that we should prepare for a system outage that could continue for two weeks for Adastra and possibly longer than three weeks for Carenotes.”
The note to staff on Tuesday added that the impact on services had, and would continue to be, “considerable” in the days ahead.
It added: “Recovery from this cyberattack will take a huge amount of work and effort and plans are being drawn up to manage this.”
The trust said staff had cancelled leave and worked through the night to try and resolve the problems.
The Rustwire understands several similar notes have been shared with staff across other hospitals, with dozens of trusts impacted.
An NHS director said: “The whole thing is down. It’s really alarming…we’re carrying a lot of risk as a result of it because you can’t get records and details of assessments, prescribing, key observations, medical mental health act observations. You can’t see any of it…Staff are going to have to write everything down and input it later.”
They added: “There is increased risk to patients. We’re finding it hard to discharge people, for example to housing providers, because we can’t access records.”
Last week it was revealed NHS 111 and GP out of hours services had been hit by a cyberattack on systems provided by Advanced called Adastra and Carenotes.
Carenotes is used by community mental health and child health services and The Rustwire has been told by several sources around 30 NHS trusts are likely to have been affected.
On Friday, Advanced’s chief operating officer Simon Short confirmed the incident was related to a cyberattack and said the company had taken action to contain the attack, adding that “no further issues have been detected”.
Oxford Health FT told staff it was taking “daily calls” with leaders across the region to put plans in place to mitigate the impact.
One doctor in London said they had been told the outage could even last for “months” and that clinicians are unable to access or update their patients’ notes.
Another senior medic warned: “The risk stems from the inability of healthcare staff to access current risk assessments on patients and past psychiatric history.
“In a chronically underfunded area of medicine, the resources are directed towards immediate risk management – this can only be done effectively if clinicians can triage individual patients on the basis of the known history and current risk assessment.”
According to reports in Pulse magazine, last week GPs in London were warned they may see a rush of patients sent by NHS 111 due to a “significant technical issue” and “system outage”.
The news follows a major IT crash at Guy’s and St Thomas’ NHS Foundation Trust in London that left clinicians without access to patients’ records and forced the trust to cancel patients’ appointments for days.
An NHS spokesperson said: “While Advanced work to resolve their software problems, tried and tested contingency plans are in place across local health systems so the public should continue to use the NHS as normal.”