Large pharmacy chains to set up ‘crisis team’ following cyber attack on NHS

Major pharmacy chains organise a co-ordinated response to NHS cyber attack, based on instant information sharing.

Boots chemist member of Company Chemists' Association

The Company Chemists’ Association (CCA), a trade body that represents multiple pharmacy chains in the UK, is planning to set up a ‘crisis team’ in the wake of the malware attack that hit the NHS on 12 May 2017.

Nanette Kerr, the chief executive officer of the CCA, which has some 50% market share of the pharmacy sector, held a conference call with IT staff from the large chains, including Boots, Lloyds and Well, on 15 May 2017 to discuss the impact of the attack.

In an interview with The Pharmaceutical Journal, Kerr said the call had confirmed that patient services were not affected by the attack but that a communications issue had been identified.

The problem with the attack was that individual IT staff at different pharmacy chains were working independently on the problem and there could have been more communication. A ‘crisis team’ would be a virtual group where information could be instantly shared and cascaded as “we are presuming this is not the last attack we will have [on the NHS],” Kerr said.

“Some companies were concerned about accessing the NHS spine [which supports the IT infrastructure for health and social care in England],” she added. “They stopped access until they had the all-clear from NHS Digital and most companies stopped NHSmail too.”

The National Pharmacy Association (NPA), which represents independent pharmacies, issued a statement advising pharmacies to be “on guard for unrecognised emails and not to click or open suspicious links or attachments”.

It advised anyone in doubt to contact their system supplier and ensure antivirus software was up to date.

According to the NPA, the Electronic Prescription Service (EPS) Release 2 and Summary Care Record (SCR) remain unaffected by the attack.

The Royal Pharmaceutical Society said in a statement on 12 May 2017: “This [attack] may affect community pharmacists particularly around electronic prescriptions. Please see our guidance on emergency supply and our mythbuster on emergency supply which we hope supports you over this difficult time.”

The attack used ransomware and has affected many NHS organisations in England. Organisations affected by the attack are unable to access their IT systems and some completely shut down their IT systems as a precautionary measure. It is believed that some 16 NHS organisations were affected.

Wales was unaffected by the attack. Carwyn Jones, first minister of Wales, said the attack had not affected their systems, partly due to the “resilience defences already in place”.

The Pharmaceutical Services Negotiating Committee, which represents pharmacy contractors in England, said: “Unless otherwise directed by their IT system supplier/helpdesk, pharmacy teams can continue to use EPS, SCR and NHSmail.”

NHS Digital said: “Our Data Security Centre continues to work around the clock alongside the National Cyber Security Centre, to support NHS organisations that have reported any issues related to this cyber-attack.”

Both Well and Lloydspharmacies have issued statements saying that they were not affected by the attacks.


Last updated
The Pharmaceutical Journal, PJ, May, Vol 298, No 7901;298(7901):DOI:10.1211/PJ.2017.20202786

You may also be interested in