Council told restaurants to switch to deliveries during pandemic – but many were booted off Deliveroo and Uber Eats after cyber attack wiped food safety scores
Hackney Council encouraged struggling restaurants to sign up for delivery services when the Covid-19 pandemic brought the hospitality sector to its knees – but many were kicked off Deliveroo and Uber Eats when the cyber attack left them unable to upload food hygiene scores.
The attack wiped the council’s premises management database and crippled the licensing team’s ability to inspect restaurants, respond to complaints, and complete legally-required submissions to the Food Standards Authority (FSA).
A report presented to the council’s corporate committee last week laid bare the “devastating” impact of last October’s ransomware attack on the environmental health service – with licensing boss Gerry McCarthy admitting that work was at a “standstill” in the immediate aftermath.
It read: “The cyber attack had devastating consequences on the environmental health service’s ability to deliver an effective service during the pandemic.
“For a short period of time the service remained at standstill due all our procedures, policies, premises database and premises history being unavailable.
“Many businesses permitted to trade during the restrictions attempted to register their businesses with online delivery platforms such as Deliveroo and Uber Eats.
“Unfortunately, due to the cyber attack Hackney were unable to upload scores to the food hygiene rating scheme website, which subsequently led to businesses being removed from online delivery platforms which resulted in numerous complaints against the service.”
The attack came after the council website urged restaurants to pivot to delivery models in accordance with government reopening guidance.
The guidance suggested that restaurants would find it easier to reopen during lockdown if they “encourage customers to order online, on apps or over the telephone”.
An IT workaround eventually allowed for the upload of weekly data to the FSA website – but insiders fear normal service won’t resume until 2023/24.
The attack created a backlog of over 800 inspections, wiped all historic intervention data, and erased hygiene complaints from residents.
Rebuilding the database will mean reinspecting every one of Hackney’s restaurants – but McCarthy warned the backlog “cannot be addressed” without hiring more staff.
He wrote: “It is evident the current staffing levels required bolstering to meet the demands placed on the service in the next two years.
“It is predicted, due to the cyber attack and the pandemic, the service may not make a full recovery until 2023/24 due to the work required to rebuild a food premises database, inspect all newly registered businesses within 28 days, inspecting overdue premises from 2019/20 and 2020/21 with reduced resources.
“Unless additional resources are made available, significant numbers of unrated premises may not be inspected within 28 days, broadly compliant premises may remain un-inspected in 2021/2022 and this will have a knock on effect for 2022/23 when we will have a backlog of inspections accumulated from this financial year.
“Given the existing constrained staffing resources, it may not be possible to carry out all inspections due, including the backlogs. Unless additional resources are made available the numbers of backlog of inspection will increase.”
He estimated that at least four more employees could be needed to meet the minimum requirements of the council’s food safety plan – and warned that staff cuts and “continuous” pressure to find savings were hindering efforts to deliver an effective service.
He added: “The continuous need to find savings from the service will also have a bearing on the effective delivery of this service.
“In the 2017 restructuring of the service, the staffing resource was reduced by 20 per cent.
“The service desperately requires more investment in order to maintain and further improve performance.”