A complete outage of the NHS’s email system on Saturday has been blamed on provider Accenture, with the company now facing a substantial fine from regulators.
The outage of the NHSmail system, which is run by the company on behalf of NHS Digital, was first reported by the Health Service Journal (HSJ).
It lasted six hours, with redundancy features failing to kick in. NHS Digital blamed “a software issue in the supplier’s internal infrastructure”.
NHS Chief Clinical Information Officer Simon Eccles confirmed the outage on Twitter over the weekend, describing it as “exceptionally unusual”.
NHSmail is completely down on all platforms. This is exceptionally unusual. The team and supplier are investigating. Updates via @NHSDigital https://t.co/Olh1Yuw6EA
— Simon Eccles (@NHSCCIO) December 1, 2018
Content from our partners
Accenture won a £60 million contract to run NHSmail in 2015 and has been running it since 2016. HSJ ascribed the outage to a software update.
Computer Business Review has contacted both NHS Digital and Accenture for further comment and will update this story with their responses.
NHS Email: Office 365 “Hybrid” Being Rolled Out
NHS Digital recently started working with Microsoft to provide a hybrid version of Office 365 (O365) that integrates with Accenture’s NHSmail.
Computer Business Review has asked NHS Digital to clarify why it chose to move to the “hybrid” email system, meaning it is paying for email twice.
NHSmail will be synchronised with Microsoft Azure Active Directory (Azure AD) to enable O365 services, NHS Digital said. Both the core NHSmail Services and the NHSmail Office 365 Hybrid Service are funded [pdf] until June 2021.
See also: NHS Digital: “20 Cybersecurity Experts? We’re Fine”
Gareth Lewis, Head of Public Sector and Defence at Mimecast, which provides email resilience services, said in an emailed statement: “As the NHS looks to move to Office 365, it may be the right time to consider the resilience options for all cloud services.”
“Email is important for every organisation, but even more so when critical and timely information is being shared that can disrupt clinicians’ workflows and patient care.”
He added: “No-one will argue against security updates to help fight growth of email impersonation attacks but this NHSmail outage is a clear reminder that IT can always go wrong. This is why there needs to be plan B for when a primary email provider goes down. Otherwise, there’s also risk employees could use unsanctioned tools to get the job done. All organisations need a robust continuity plan for email so it stays up and running regardless of any future incidents.”
