NHS IT company faces £6m fine over hacking of medical records

blogaid.org

NHS IT firm Advanced Computer Software Group faces a potential £6m fine after a 2022 ransomware attack compromised data of 82,946 individuals, highlighting significant information security failings.

A software supplier faces a £6 million fine following a 2022 ransomware attack that disrupted the NHS and social care services across England.

The Information Commissioner’s Office (ICO) has provisionally concluded that Advanced Computer Software Group did not take adequate measures to protect the personal data of 82,946 people affected by the breach, including sensitive information.

Advanced provides IT and software services to various organisations, including the NHS and other healthcare providers, and functions as a data processor. In August 2022, hackers gained access to the company’s health and care systems through a customer account that did not have multi-factor authentication.

The cyber attack caused significant disruption to critical services such as NHS 111. The stolen data included phone numbers, medical records and details of how to access the homes of almost 900 people receiving home care.

A leaked internal NHS England memo revealed that the attack had taken vital software offline, affecting multiple NHS services, including urgent treatment centres and mental health providers, and posing a significant challenge to them.

Information Commissioner John Edwards highlighted the importance of prioritizing information security: “Losing control of sensitive personal information will have been painful for people who had no choice but to place their trust in health and care organisations. Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some healthcare services, disrupting their ability to provide patient care.”

Edwards expressed hope that the fine would prompt companies to urgently improve their data protection measures. He added: “For an organization that is trusted to handle a significant amount of sensitive and specialty data, we have identified significant shortcomings in its approach to information security prior to this incident. We expect all organizations to take fundamental steps to secure their systems, such as regularly checking for vulnerabilities, implementing multi-factor authentication and keeping systems up to date with the latest security patches.”

The ICO’s findings are preliminary and the regulator will consider any comments from Advanced before making a final decision.