NHS IT firm faces £6m fine over medical records hack

A software provider is facing a potential £6 million fine following a 2022 ransomware attack that disrupted NHS and social care services across England.

The Information Commissioner’s Office (ICO) has provisionally concluded that Advanced Computer Software Group did not implement adequate measures to safeguard the personal data of 82,946 people affected by the breach, which included sensitive information.

Advanced provides IT and software services to various organisations, including the NHS and other health providers, functioning as a data processor. In August 2022, hackers gained access to the firm’s health and care systems through a customer account lacking multifactor authentication.

The cyberattack caused significant disruptions to critical services such as NHS 111, with data stolen including phone numbers, medical records, and details on how to access the homes of nearly 900 individuals receiving home care.

A leaked internal NHS England memo revealed that the attack had affected multiple NHS services, including urgent treatment centres and mental health providers, by taking essential software offline, posing a substantial challenge to these services.

Information Commissioner John Edwards emphasised the importance of prioritising information security: “Losing control of sensitive personal information will have been distressing for people who had no choice but to put their trust in health and care organisations. Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care.”

Edwards expressed hope that the fine would prompt companies to urgently improve their data protection measures. He added, “For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security prior to this incident. We expect all organisations to take fundamental steps to secure their systems, such as regularly checking for vulnerabilities, implementing multifactor authentication, and keeping systems up to date with the latest security patches.”

The ICO’s findings are provisional, and the regulator will consider any representations from Advanced before reaching a final decision.


Copyright © 2024 GroovyTrades. All Rights Reserved.
