NHS software provider faces £6m fine after hackers steal tens of thousands of medical records

hackersnhs

The data protection watchdog has issued a provisional ruling holding software company Advanced responsible for “serious failings” after a cyberattack led to the theft of sensitive patient data and disrupted NHS services.

Advanced, a major IT provider for the NHS, is facing a potential fine of just over £6 million due to shortcomings that resulted in the breach, which occurred on 4 August 2022. The Information Commissioner’s Office (ICO) has been investigating the incident, which affected systems critical to the health service, including those used for dispatching ambulances, booking out-of-hours appointments, and issuing emergency prescriptions.

In its provisional findings, the ICO stated that Advanced violated data protection laws by failing to adequately secure the personal information of 82,946 individuals. Hackers were able to carry out a ransomware attack by exploiting an account within Advanced’s systems that lacked multi-factor authentication (MFA), a security measure that typically prevents unauthorized access even if passwords are compromised.

The stolen data included highly sensitive details such as phone numbers, medical records, and entry instructions for the homes of 890 individuals receiving care. The cyberattack caused significant disruption, impacting essential services like NHS 111 and leaving healthcare staff unable to access patient records.

Those affected by the breach have been notified, and there is no indication that any of the stolen data has been published on the dark web.

The ICO has tentatively decided to impose a £6.09 million fine, though the final decision and any associated penalties will depend on Advanced’s response to the ruling.

John Edwards, the UK Information Commissioner, commented: “This incident not only compromised personal information but also reportedly disrupted vital health services. For an organization entrusted with handling large amounts of sensitive and special category data, we have provisionally identified serious shortcomings in its information security practices.”

Following the breach, Advanced confirmed that patient information was copied from its systems before being encrypted by the attackers. Ransomware attacks like this typically involve encrypting victims’ data and demanding payment for its release.

Source

Control F5 Team
Blog Editor
Relational Services
Web Applications
Dev Ops
Mobile Applications
MVP Development
Software Testing
UI / UX Design
OUR WORK
Case studies

We have helped 20+ companies in industries like Finance, Transportation, Health, Tourism, Events, Education, Sports.

 
AI Powered News Portal and Aggregation App
Web & Mobile Application Journalism
AI Powered News Portal and Aggregation App
Case Study
Data Computing Visualization Platform for Ernst & Young
Web Platform Financial
Data Computing Visualization Platform for Ernst & Young
Case Study
Suite of Applications for Fintech Trading Company
Suite of Applications Financial
Suite of Applications for Fintech Trading Company
Case Study
Reservation Platform For Travel Agency
Web Platform Travel
Reservation Platform For Travel Agency
Case Study
Online Road Tax Payment Platform
Web & Mobile Application Transportation
Online Road Tax Payment Platform
Case Study
Team Augmentation and Consultancy for A SaaS Company
Team Augmentation Hospitality
Team Augmentation and Consultancy for A SaaS Company
Case Study
Wedding Photographers And Videographers Marketplace
Marketplace Events
Wedding Photographers And Videographers Marketplace
Case Study
Portal & Online Magazine for Brides
Online Magazine Events
Portal & Online Magazine for Brides
Case Study
Custom eCommerce Solution for Cosmetics Company
Online Shop eCommerce
Custom eCommerce Solution for Cosmetics Company
Case Study
Web Application for Comparing Tariff Plans and Phone Offers
Web Application Telecom
Web Application for Comparing Tariff Plans and Phone Offers
Case Study
Dental Clinics Marketplace
Marketplace Health
Dental Clinics Marketplace
Case Study
Micro-services Solution for Hotel Reservation Agency for Realtime Pricing Update
Backend System Travel
Micro-services Solution for Hotel Reservation Agency for Realtime Pricing Update
Case Study
 
View all case studies
READY TO DO THIS
Let’s build something together
Contact us