The nationally run health service email system NHSmail suffered a complete outage on Saturday which left all 1.2 million staff without access to their email accounts.
From lunchtime on Saturday staff were frozen out of the accounts and prompted for their password, with many of them locked out after making multiple login attempts.
The national NHSmail system, managed by Accenture, handles both email and is certified as secure to handle patient-identifiable data. The service is delivered using a version of the Office 365 platform.
Digital Health News understands staff were left unable to log-in on Saturday following what NHS Digital termed ‘internal software issues’.
NHS Digital, the agency responsible for the national run email service, blamed the ‘severity 1’ problem on a software issue and said the problem began at midday with access to all accounts being restored by 8pm on Saturday.
The CCIO for health and social care and the senior responsible officer for NHSmail, Dr Simon Eccles, said during the outage: “NHSmail is completely down on all platforms. This is exceptionally unusual. The team and supplier are investigating.”
In a statement to Digital Health, NHS Digital said: “The issue was not cyber-related and was caused by issues within the supplier’s internal infrastructure”.
the agency added: “We are not aware of any patient harm caused by this problem”.
The supplier for the service is consulting firm Accenture, which delivers NHSmail and associated messaging and collaboration tools using a limited version of Microsoft Office365.
Many in the health service have questioned why the NHS centrally pays the costs of a sub-set of Office365 while leaving trusts to pick up the costs of licensing the rest of Microsoft desktop of server products. The suggestion is that significant efficiency and productivity savings could instead be achieved through a national licensing deal.
In a statement on its website Monday morning NHS Digital said: “We can confirm that all accounts identified as having been locked out as a result of multiple login attempts were unlocked by 10.30pm last night”.
The agency said in a statement: “We apologise for the inconvenience caused and worked to resolve the issue as soon as possible, which was caused by an internal issue with the supplier’s software. A full post-incident review will be conducted to ensure appropriate lessons are learned.”
In January 2017, the NHSmail systems was crashed by #replyallgate when a member of staff used an ‘undocumented feature’ to reply-all to everyone on NHSmail, creating 500 million emails in less than two hours.
Earlier versions of the article stated that the problem was created by switching on new spoofing controls, this was incorrect the new spoofing controls were not the cause but did it more difficult for local administrators to restore access to accounts where people had been frozen out and as a result had to be switched off.
Share this post if you enjoyed! 🙂