Nhs Software Provider Fined £3m Over Data Breach After Ransomware Attack

An NHS package supplier has been fined £3m by nan Information Commissioner's Office (ICO) complete information failings that led to a ransomware onslaught connected nan NHS.

The Advanced Computer Software Group was fined for a breach that put individual accusation of 79,404 group astatine risk, nan UK's information protection watchdog said.

The patient provides IT and package services to organisations astir nan country, including nan NHS and different wellness providers, handling accusation successful its domiciled arsenic a information processor.

The breach took spot successful August 2022, erstwhile hackers gained entree to patients' telephone numbers and aesculapian records arsenic good arsenic specifications of really to summation introduction to nan homes of 890 group receiving attraction astatine home.

The unidentified hackers were capable to summation entree to nan accusation by utilizing a customer's relationship that did not person capable protection successful nan shape of multi-factor authentication.

The regulator's investigation concluded that Advanced did not person due information measures successful spot anterior to nan incident.

The cyberattack led to nan disruption of captious services including NHS 111, and near immoderate healthcare unit incapable to entree diligent records.

Software utilized to facilitate diligent check-ins was besides impacted.

Last year, nan regulator criticised Advanced complete nan incident, which placed "further strain" connected a "sector already nether pressure".

While nan institution had installed multi-factor authentication crossed galore of its systems, "the deficiency of complete coverage" was criticised by Information Commissioner John Edwards.

"The information measures of Advanced's subsidiary fell earnestly short of what we would expect from an organisation processing specified a ample measurement of delicate information," Mr Edwards said.

He added nan good should service arsenic a "stark reminder" to organisations to guarantee they person "robust information measures successful place".

"There is nary excuse for leaving immoderate portion of your strategy vulnerable," Mr Edwards added.

Last year, nan ICO announced it intended to enforce a provisional £6m fine connected Advanced for nan breach.

However, nan watchdog said nan sum had been halved because of nan proactive engagement of Advanced pinch police, cyber information services and nan NHS pursuing nan attack.