OneAdvanced already had its Page trophy dragged into the light: “changing lives”, “break barriers”, NHS 111 disruption, ransomware, medical records, home-entry details and the ICO finally remembering where it left its boots. But the crater is wider than Part One. Advanced’s Adastra software reportedly sat inside most of NHS 111. CareNotes left mental-health services carrying the weight. GP and urgent-care workarounds dragged the shiny digital future back toward Word documents, paper notes and admin penance. Before the ransomware hangover, there was Docman. OneAdvanced? No. TwoAdvanced. One for the glossy Page customer story. One for the public-care blast radius. Still not fucking secure enough to keep the NHS out of the crater.
The First Hit Was The Door
Part One was the front door. Page Outsourcing had the customer story. OneAdvanced had the brochure perfume. “Changing lives is at the heart of Page Outsourcing”. “Better Technology”, “Bettering Society”. “Responsible innovation”. “Removing barriers”. “Widening access to opportunities”. All the usual corporate hymn-sheet bollocks, arranged neatly on the table like nobody was about to vomit into the punch bowl.
Then the ransomware file walked in and pissed on the values buffet. NHS 111 disruption. Sensitive personal data taken. Medical records involved. Home-entry details for people receiving care at home caught in the blast radius. The ICO provisional fine. The final ICO penalty. The same regulator that can suddenly move like a watchdog when the scandal is NHS-shaped, while turning into a warm bowl of procedural custard when a disabled claimant asks whether Page buried the truth under redactions.
That was Part One. This is Part Two. The part where the crater gets measured properly, and the polite phrase “service disruption” gets dragged outside and shown what it actually means.
The Second Hit Is The Blast Radius
This is not a remix. This is the widening shot.
OneAdvanced was not just some random software firm that tripped over a server cable and bruised a helpdesk. Its software sat inside NHS 111, GP administration, mental-health records, urgent-care systems, care homes and hospices. That is not a “customer impact”. That is public-care dependency with a login screen.
When that kind of supplier goes down, the damage does not stay inside a dashboard. It leaks into call centres, clinics, GP hubs, mental-health teams, care providers, admin rooms and exhausted NHS staff trying to keep services moving while the shiny digital future lies face down in the corridor.
Page saw a customer story. TCAP saw software tentacles wrapped round vulnerable public services.
And then the ransomware hit.
85% Of NHS 111 Is Not A Broom Cupboard
Advanced’s Adastra software has been reported as being used by around 85% of NHS 111 services. Sit with that for a minute.
Eighty-five per cent.
That is not niche. That is not a tiny back-office tool in a broom cupboard next to a broken chair and a laminated fire-drill poster. That is a massive dependency inside a service people call when they are frightened, sick, unsure, in pain, spiralling, panicking or trying to decide whether the night is about to get much worse.
NHS 111 is not a corporate workflow. It is panic with a phone number. So when Advanced’s systems were hit in August 2022 and parts of NHS 111 suffered outage and disruption, the problem was not just software. It was the public being made to work around a crater in the wiring of care.
Page’s “break barriers” glow looks a bit different when the barrier being broken sits between a worried patient and functioning urgent-care infrastructure.
Word Documents And Paper-Note Penance
This is the bit that should be printed on every glossy healthcare-software brochure in blood-red ink.
During the outage, reports described NHS services having to work around the loss of systems. The polite version is “manual workarounds”. The human version is far nastier: paper notes, Word documents, re-keying, duplication, missing context and staff trying to keep clinical services upright while the software supplier’s clever infrastructure sat there like a dead fridge in a hospital corridor.
That is the digital transformation dream, apparently. A public-care system sold shiny software, then forced back toward Word documents and admin archaeology because ransomware kicked the platform in the teeth.
Imagine being an NHS worker already buried under workload, then having to do paper-note penance because a software supplier’s defences failed badly enough for a national regulator to come knocking. Imagine the clinical risk, the duplication, the delays, the missing context, the re-entry burden, the sheer grinding insult of being told technology will liberate you and then watching it turn into a fucking photocopier-era hostage situation.
OneAdvanced? TwoAdvanced. One system for the sales deck. One workaround for the poor bastards left holding the clipboard.
Mental-Health Records Left Coughing
The mental-health angle is grim.
The Guardian reported at the time that an internal NHS England memo said NHS 111, urgent treatment centres and some mental-health providers used software that had been taken offline, and that this created a significant challenge for those services. That is the sort of line public bodies use when the actual sentence is too ugly to print.
Mental-health services are not dealing with decorative data. They are dealing with risk, medication, crisis plans, safeguarding, history, vulnerability, trauma, relapse, self-harm risk, emergency contacts, community teams, inpatient context and people who may already be hanging on by their fingernails.
So when systems used by mental-health providers are offline, that is not just “inconvenience”. That is staff trying to operate with missing pieces of the person in front of them.
The corporate phrase is “service disruption”. The human phrase is “what the fuck do we not know because the system is down?”
Care Homes, Hospices And The Software Tentacles
The affected product list matters.
Adastra. CareNotes. Staffplan. Caresys. Crosscare. Software touching urgent care, mental-health records, staff planning, care homes, hospices and the day-to-day machinery of looking after people who may already be ill, old, vulnerable, dependent or dying.
That is the part Page’s customer-story glow does not want you staring at for too long. OneAdvanced was not selling a novelty app that tells you when your pizza is late. This was health and care infrastructure. The kind of software nobody outside the sector thinks about until it falls over and suddenly everyone discovers how much of public care was being propped up by private systems, private contracts and private-equity-shaped business language.
Hospices. Care homes. Mental-health providers. NHS 111. GP hubs.
That is not a customer list. That is a blast radius with patients in it.
Before Ransomware, There Was Docman
The ransomware attack was not the first time Advanced’s health-software estate had public-care consequences.
Before the ransomware hangover, there was Docman. Advanced acquired PCTI Solutions and its Docman product in 2018. Docman was described as maintaining huge volumes of records and documents for millions of patients across the UK. Then a problem with Docman v7 reportedly meant letters received through NHSmail and automatically scanned for addition to patient records were not uploaded, with around 6,000 GP practices using the electronic document transfer function affected.
Six thousand GP practices.
Again, not a broom cupboard.
Docman is the kind of system that sounds boring until it goes wrong. Scanned letters. Patient records. GP notes. The admin bloodstream that makes clinical care less blind. When that flow breaks, paperwork does not politely wait in a corner. It becomes missing information, delayed updates, extra checking and another pile of shit dumped onto primary care.
That is why Part Two matters. Because OneAdvanced is not just “the ransomware one”. It is a health-and-care software group whose systems were embedded deep enough that failure meant public services had to work around the wreckage.
The Private-Equity Care Machine
Now add the ownership smell.
Advanced was taken private by Vista Equity Partners in a huge deal, and BC Partners later took a major stake. The business later refreshed itself into OneAdvanced, because apparently when the old name is dragging a health-care software crater behind it, a new badge and a clean font can help everyone breathe through the shareholders’ meeting.
TCAP is not saying private equity caused the ransomware attack. Put the fainting couch away. That is not the allegation.
The point is simpler and uglier. Private equity loves sticky software. Public-sector software can be very sticky. Health and care systems are even stickier, because once a service depends on the software, ripping it out can feel like removing wiring from a hospital while the lights are still on.
Recurring revenue. Contract dependency. Public-sector customers. Transformation language. Cloud promises. Efficiency. Scale. Growth. Lovely.
Then the ransomware bill lands, and NHS staff are the ones doing the mop work.
The Clean-Up Bill Had Teeth
The clean-up was not pocket fluff.
Public company-summary material and filings have put the remediation and outage-credit costs in the tens of millions. Figures reported around the incident include approximately £18.2 million in 2023 and £9.4 million in 2024 for cyber-attack-related remediation and outage credits.
That is not a hiccup.
That is a crater with invoices.
A real incident leaves marks. Technical marks. Operational marks. Financial marks. Human marks. The Page version gives you “break barriers” and “responsible innovation”. The post-attack version gives you remediation spend, outage credits, regulators, NHS disruption, home-entry details, systems offline and staff doing practical damage control while the shiny software story bleeds through the floor.
You do not spend that kind of money cleaning up a sneeze.
You spend it because something went badly, expensively, publicly wrong.
The ICO Discount Counter
Then came the regulator theatre.
The ICO provisionally announced a fine of more than £6 million. Later, after a voluntary settlement, the final penalty came down to just over £3 million. The Register framed it bluntly: the ICO cut the Advanced ransomware fine in half after settlement.
Lovely.
A discount aisle for health-data failure.
The ICO can puff its chest, issue the stern words, talk about protecting sensitive personal information and then let the final figure land lighter than the first announcement. Fine. That is the system. That is how these things work. Everyone gets a process. Everyone gets mitigation. Everyone gets a room with polite chairs and the chance to make the number less embarrassing.
But let’s not pretend the public experience is the same as the corporate experience.
When a disabled claimant asks whether Page buried the truth under redactions, the watchdog drifts around like a sedated moth. When a major public-care supplier gets hit hard enough to threaten NHS-shaped wallpaper, suddenly there are statements, penalties and lessons for the sector.
Big scandal: boots on.
Disabled claimant: fuck off and fill another form.
“Break Barriers” Looks Different Now
Page’s OneAdvanced customer story used the language of opportunity and improvement. “Break barriers”. “Empower future leaders”. “Changing lives”. “Better Technology”. “Bettering Society”. It is the kind of values sludge that looks harmless until you hold it next to the incident file.
Then it starts to look obscene.
Because OneAdvanced did break barriers. Just not the ones the brochure wanted to sing about. The wrong barriers got broken: the barrier between ransomware criminals and health-care systems, the barrier between private software failure and public-service disruption, the barrier between sensitive care data and people who should never have got near it.
Page wanted a customer story.
TCAP found the second version.
OneAdvanced, now TwoAdvanced. One for the brochure. One for the crater.
The Page Partners Problem
This is the Page Partners problem in miniature.
Page keeps finding glossy customer stories and client profiles. TCAP keeps finding the thing under the gloss. Tobacco. Banks. Fintechs. Cartel-fined telecoms. Bribery-stained supermarkets. Beef-baron wallets. Memory-cartel chips. Ransomware-hit care software.
Different sectors. Same pattern.
Page sees prestige, customer stories, hiring trophies, client profiles and corporate glow. TCAP sees the supply chain of reputation: who they stand beside, who they polish, who they recruit for, who they amplify, who they put in the window and whose public files they apparently hope nobody reads.
OneAdvanced is not an accident in that pattern. It is one of the cleanest examples.
A Page trophy with a health-data crater behind it.
The Question For Page
Why OneAdvanced?
Why this customer story?
Why dress it up as breaking barriers when the public file now includes NHS 111 disruption, urgent-care disruption, mental-health provider disruption, sensitive personal data taken, medical records involved, home-entry details affected, ICO enforcement, a final penalty and a blast radius that reached deep into health and care?
Did anyone at Page ask about the care-software dependency before turning OneAdvanced into a shiny customer badge?
Did anyone ask what happens when health infrastructure gets sold as software transformation and then fails in ways that leave public services improvising?
Did anyone ask whether Page, of all fucking companies, should be waving data-trust customer stories around while its own DSAR conduct sits in the corner smelling like black marker and panic?
Or did Page just see a nice customer quote, a shiny software name and another chance to pretend recruitment and reputation live in separate rooms?
Because from here, it looks simple.
Page saw OneAdvanced.
TCAP saw TwoAdvanced.
One for the brochure.
One for the fucking crater.
The Closing Workaround
OneAdvanced can keep the rebrand. Page can keep the customer story. Vista and BC can keep the private-equity language about growth, cloud, scale and innovation.
Lovely.
But TCAP is not reading this like a software buyer. TCAP is reading it like a care-system autopsy with a login screen.
Part One was NHS 111.
Part Two is the blast radius.
Adastra. CareNotes. Staffplan. Caresys. Crosscare. Docman. GP practices. Mental-health providers. Care homes. Hospices. Home-entry details. Medical records. Word-document healthcare. Paper-note penance. A clean-up bill with teeth. An ICO discount counter. A Page customer story sitting there pretending the carpet is dry.
OneAdvanced?
Now TwoAdvanced.
One for the brochure.
One for the crater.
Still not fucking secure.
Unredacted.
Lee Thompson – Founder, The Cummins Accountability Project
Sources
- Page Outsourcing – Supporting our Customer OneAdvanced to Break Barriers and Empower Future Leaders
- TCAP – Page Partners : OneAdvanced – Break Barriers, Then Break NHS 111 (Part One)
- The Guardian – NHS IT firm faces £6m fine over medical records hack
- ICO – Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services
- ICO – Software provider fined £3m following 2022 ransomware attack
- The Register – ICO cuts Advanced ransomware fine in half after settlement
- BBC News – NHS 111 software outage confirmed as cyber-attack
- Digital Health – Client data exfiltrated in Advanced NHS cyber attack
- ITPro – GPs unable to fully access digital patient records after faulty update to IT platform
- Health Tech Newspaper – Advanced acquires Docman (5 July 2018)
- Companies House – ONEADVANCED GROUP LIMITED filing history
- Companies House – ASTON MIDCO LIMITED filing history