Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

NHS at risk of cyber breach following Capita outage

Fears of a data breach at the UK’s National Health Service (NHS) have erupted after computer systems at third-party provider Capita went down.

user icon Daniel Croft
Mon, 03 Apr 2023
NHS at risk of cyber breach following Capita outage
expand image

The outage meant that staff from Capita had been prevented from accessing its systems for days.

Capita is a major government supplier, contracted to provide £6.5bn (just under A$12bn) in services to the public sector, including healthcare services and army recruitment.

This has raised concerns as both the UK military and NHS outsource crucial operations to Capita, meaning both may have been compromised.

============
============

Capita has begun an investigation into the incident but is yet to identify the cause. It has not yet confirmed or denied whether it believes that this has been caused by a cyber-attack.

“Following a technical problem which has affected access to some of our services today, we can confirm that we have identified an IT issue that is primarily impacting our internal systems,” the company said in a post on Twitter.

“We are working to swiftly restore those services that have been affected and will issue a further update in due course.”

According to Capita staff, systems went down at 4 am on Friday, but the issue was only discovered at 7 am when staff began attempts to log on. Capita informed staff of the issue formally at 8:45 am.

“We are urgently investigating this and will provide you with an update shortly. Please do not attempt to access via VPN or submit password recovery requests,” staff were told in an email. According to one anonymous staff member, attempts to log in returned a password incorrect message.

The outage is primarily affecting systems relating to the Office365 suite, including email and teams meetings. Client systems remained unchanged.

In another statement, Capita said that it “would like to reassure any customers whose services have been affected that we are making good progress and working closely with our technical partners to swiftly resolve the issues.”

The Capita breach is the latest incident that outlines the importance of screening third-party service providers and ensuring their security standards are up to scratch, particularly in the case of critical infrastructure.

As Vice-president for Asia-Pacific and Japan for BlueVoyant, Sumit Bansal, supply chain attacks are on the rise in Australia.

“We have been hit with a series of supply breaches over the past few weeks with Latitude Financial and The Good Guys, and it’s a reminder that these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last.”

Bansal advises that organisations protect their data with multi-layered security solutions to cover all bases.

“The best way for organisations to protect their data is with defence in depth. When different cyber security defences are layered, it makes it more difficult for cyber attackers to access sensitive systems and data,” he said.

“By continuously monitoring both internal networks and third parties, having access control, plus good cyber hygiene, like multi-factor authentication, companies can make it more difficult for attackers to gain access.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.