NHS cyber attack: views from the front line

Pharmacists working in different sectors across England give an account of how the NHS cyber attack affected them and how they coped.

hacking unlocked key ss 17

On Friday 12 May 2017, IT systems in 47 NHS trusts in England and 13 NHS organisations in Scotland came under attack. Malicious software, called WannaCry ransomware, locked computers and demanded a ransom to unlock them. Routine surgery and GP appointments were cancelled across the NHS as a result, and a number of trusts are still facing issues. The Pharmaceutical Journal spoke to pharmacists working across a variety of sectors to find out how the attack affected their service provision and what they did to manage the situation. (We contacted four NHS hospital trusts hit by the malware attack, but none were able to provide comment as they said they were still struggling to restore their IT systems.)

Tony Schofield, owner and pharmacist, Flagg Court pharmacy, South Shields

When we first became aware of the hack, after discussing on a Royal Pharmaceutical Society (RPS) local practice forum, we stopped accessing the NHS spine. That meant electronic prescriptions were suspended.

After discussion with the practices in the health centre, I agreed to take handwritten prescriptions on any paper they had and to treat them as ‘emergency supply, script to follow’. One of the practices had no green prescription forms on which to write.

Our IT supplier could not guarantee safety of N3, the national broadband network for the English NHS, and said we could access summary care records at our own risk. They, at that point, could not advise. So we used patient medication records to assist patients instead.

This morning, after confirming with our IT supplier that it was safe, we accessed the N3 link and made emergency supplies to patients using the summary care record. We got emails and a telephone call from Pharmicus, a medicines management company that provides pharmaceutical support to GP practices, guaranteeing prescriptions for all emergency supplies within 72 hours.

We now [15 May 2017] have a message indicating that practices will be online by 4pm but by 2:30pm we knew many practices were back online already.

Ash Soni, owner and pharmacist, Copes Pharmacy, London

The local surgeries implemented an immediate system shutdown. This meant that they were unable to deal with any repeat prescription requests. This led to patients being directed to us to help with their medicines. Given this was on Friday it caused even greater problems because it meant that the impact was effectively guaranteed for 72 hours rather than 24 hours. Additionally, we currently still run a minor ailments scheme and this also had higher levels of activity because the GPs directed people to us who were seeking appointments with the GP. Because this also impacted on their telephone system many people came to us from the surgery feeling confused, worried and, in some cases, angry, so the staff were having to manage a very stressful environment. I would like to pay tribute to the entire team for the way they handled the situation and wonder what would have happened if the pharmacy were not there and the staff not available to deal with these issues.

Roy Winston, pharmacist manager, Burntwood Pharmacy, Brentwood, Essex

We were informed about the cyber attack after a colleague returned from a visit to a local GP surgery to pick up repeat prescriptions around 3:15pm on Friday afternoon (12 May 2017). The surgery was instructed to shut down its computer systems and not to switch on anything until further notice. For the rest of the day, we began receiving handwritten prescriptions from some local surgeries. We received notification soon after from head office to remove our NHS smartcards from our computer systems to mitigate the risk of getting the virus. For the rest of the weekend, we had to issue a number of emergency supply medicines, and continued to receive handwritten prescriptions. We had to manage patients who were turned away at some GP surgeries as well. There were also a few repeat prescriptions from surgeries that went ‘missing’ and had to be re-issused, probably as a result of the cyber attack. As far as I know, at least one of our local surgeries was infected by the malware.

Dipti Gandhi, managing partner, Brigstock and South Norwood Medical Partnership

On Friday afternoon, around two hours before our surgery was due to close, we were informed that the NHS IT systems had been infected by a malicious software.

The GPs in the surgery who were mid flow were asked to switch off their computers, and any prescriptions had to be handwritten. Those patients who attended later had to be treated as emergencies and routine requests, including prescriptions, were deferred to Monday.

On the advice from NHS England and NHS Digital, we were instructed to switch off all our computers and not to switch them on again until instructed by IT colleagues at the NHS.

Fortunately, I personally did not have any patients to see that afternoon. However, there were still patients waiting to be seen by the GPs. We did what we could without any IT support. For example, we took drug history from patients because we had no access to electronic patient records.

Where patients had pre-booked appointments we did have to rebook them for this week and routine prescriptions have been busier on Monday and Tuesday this week.

Although there were minor inconveniences, I thought we were able to manage the situation well, unlike some NHS hospital trusts that were hit hard by the cyber attack. Since returning to work on Monday, our IT systems are fully restored and we have returned to normal business.

Nick Beavon, chief pharmacist, Wandsworth Clinical Commissioning Group

Wandsworth Clinical Commissioning Group was not affected and we have up-to-date software. I am not aware of any breaches in primary care in South West London. We took direction from NHS England, which was working with NHS Digital and, in turn, our IT departments, run by the North East London Commissioning Support Unit, issued direction. We took swift action and basically shut down the system until we were able to assess the risk. Additionally, our IT departments took appropriate action to ensure the appropriate updates and that patches were in place and we appear to be fine. Apart from some inconvenience for patients in primary care, GP practices activated their business continuity plans and switched over to paper-based systems in common with hospital procedures.

Alun Phillips, community pharmacist, co-owner of Phillips Chemist, Liverpool 

Friday afternoon is our busiest time, so imagine our consternation when we were told our local GP practices had disconnected themselves from external connections due to an NHS data breach. Within minutes our local pharmaceutical committee had emailed to encourage us not to connect to the NHS spine, the digital central point allowing key NHS online services and the exchange of information across local and national NHS systems. This, of course, left us with no access to electronic presciptions, summary care records or tracker. All of Liverpool’s GPs are running EMIS, which supplies electronic patient record systems and software used in primary care in England, so, although we were inconvenienced, they had no access to patient’s records, were unable to issue prescriptions and had to resort to pen and paper. Without access to records, it fell to us to supply details of patients’ medicines, and when previous prescriptions were issued.

We had a busy afternoon relaying patient medication details to local surgeries so they could issue prescriptions, fielding telephone calls from patients unable to get help from their surgeries, and making emergency supplies of prescription medicines to patients unable to collect their prescriptions.

Last updated
The Pharmaceutical Journal, PJ, May, Vol 298, No 7901;298(7901):DOI:10.1211/PJ.2017.20202794

You may also be interested in