Date published: 21 April, 2023
Date last updated: 21 April, 2023
Emergency Preparedness, Resilience and Response

NHS England business continuity management toolkit case study: catering supplier – cyber attack

Organisation: NHS including health and social care
Incident: Catering supplier – cyber attack

What happened

Over the weekend of 25/26 June 2022, the XXXX group that provides patient bulk meals services to health and social care, became a victim of a sophisticated criminal cyber-attack. This impacted the supplier’s, IT systems and severely hampered their ability to produce and deliver patient bulk meals.

The impact of the cyber-attack to health and social care created a potential risk not being able to provide meals to patients at trusts including home deliveries. The disruption was felt across England and in turn resulted in NHS organisations enacting their business continuity plans.

During the disruption NHS organisations utilised their site-specific business continuity plans to ensure meal services continued to be delivered. This resulted in a change to meal menus for some patients. In addition, trusts reported that contingency suppliers were identified for Utilisation, if required, to ensure meal services continued.

NHS organisations started to stockpile food to ensure there was a contingency supply of food of 4 – 10 days.

Where limited space was available a provisional change to menus was implemented, menus were not reduced, but alternative options were made available.

In certain regions supplies were shared between sites, as required. This enabled impacted organisations to continue to deliver meals without impacting patients.

Action taken

  • Site specific plans activated.
  • Alternative food options were taken to ensure that a full menu could be provided.
  • Communication with NHS England regional colleagues where appropriate.
  • Food stored at neighbouring sites shared.

Lessons identified

  • Some colleagues were unaware of the location of the site-specific plans – issue communication to all colleagues/teams where plans are stored and what they are used for.
  • Identified mutual aid relationships across localities that will be used going forwards.
  • Communicating with health commissioners and working collaboratively, to ensure patients are not impacted because of the cyber-attack.
  • Trusts had good contingency arrangements.
  • The supplier positively engaged with National NHS England Incident Management Team, identifying potential issues and resolutions.
Date published: 21 April, 2023
Date last updated: 21 April, 2023