Ortivus is a Swedish based provider of cloud based software for the health industry. Since 18 July it has been investigating a cyber security incident which has impacted a number of its services.
These include the patient and transport information solution used by South Western Ambulance Service Trust and South Central Ambulance Service Trust – forcing staff there to use a “paper based” system.
UK ambulance services disrupted by infosec fiends • The Register
Investigations and mitigations are ongoing. There is no word whether patient or client data has been stolen.
Your takeaway from this
The report outlines how Ortivus has brought online an alternative system for customer business continuity – there is some delay with integration and NHS approval – but an alternative is being worked on. The Trusts are still operating – albeit less efficiently.
So everyone seems to have had an incident response/business continuity plan in place. Although it looks like the Ortivus plan needed a bit more testing and a pre-approval process in place to speed the responses up.
And that is your takeaway – you need an incident response/business continuity plan and you might need to use it because, not you but a supplier suffers a cyber incident…
…and you need to test it, adapt and then retest so when you need it, it works.
We test ours:
Clive Catton MSc (Cyber Security) – by-line and other articles