GP practices worked through the weekend to restore computer systems and install software patches to boost IT security after the attack, understood to have been triggered by a form of malware named by NHS Digital as 'Wanna Decryptor'.
GPonline reported on Friday that the UK's largest GP IT systems supplier EMIS had reported that there was no evidence to suggest patient data had been compromised in its systems. System supplier TPP also reported that there was 'no evidence to suggest that SystmOne or SystmOnline have been affected'.
However, practices in many areas have been forced to operate without access to IT systems after switching systems off to protect them against the cyber attack.
RCGP chair Professor Helen Stokes-Lampard said GPs and practice teams were 'doing whatever is within our power locally to minimise disruption' to ensure that services were as close as possible to 'business as usual' on Monday.
Many GPs were in their practices on Sunday 'trying to reboot computer systems and install updated software to avoid overloading servers at the start of the week', she added.
The RCGP has issued guidance for practices, which you can access below. NHS Digital has also issued technical advice on how to install software patches to improve cyber security for at-risk NHS organisations.
- RCGP advice for GP practices following cyber attack
- RCGP template encounter record for computer system failure
- RCGP cyber attack notice for patients
- RCGP cyber attack notice for staff and healthcare professionals
NHS Digital guidance
- Information explaining patches to protect against cyber attack, FAQs and technical guidance on reconnecting to networks
Medico-legal advice for GPs
Meanwhile, the MDDUS advised doctors affected by the ransomware attack to apply ‘common sense principles’ when treating patients without access to computerised or other medical records.
'Doctors are advised to revert to time-honoured methods of noting a detailed history by making hand-written records, ensuring they are accurate, legible, contemporaneous, timed and dated,’ said MDDUS joint head of medical division Dr John Holden
'Once their IT system has been restored, the hand-written note should be recorded within the patient’s electronic records, including the time and date of the original note, as well as the time and date it is uploaded. We would also advise that the paper records be retained and scanned to the electronic record.
'Given the absence of past medical history, doctors should take extra care to double check any relevant medical information with their patients and document these discussions.’
Doctors should also prescribe for the minimum period necessary, unless they are able to sufficiently verify the drug history, Dr Holden added.