NHS IT firm set for major fine following medical records hack

Image credit: Shutterstock (Image credit: Shutterstock)

An NHS software provider has been hit by a provisional fine of £6m by the Information Commissioner's Office (ICO) following a serious data breach.

Advanced Computer Software Group was hit by a cyberattack in October 2022 which took down NHS systems for patient check-ins, medical notes and the NHS 111 non-emergency service.

In total, the personal information of 82,946 people was stolen by the attackers.

Provisional fine

John Edwards, the Information Commissioner, said, "Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care. A sector already under pressure was put under further strain due to this incident."

The attackers gained access to sensitive information by using a poorly protected customer account. Patient medical records were among the stolen data, including information on “how to gain entry to the homes of 890 people.” Following the breach, those affected were notified, but Advanced Computer Software Group has so far found no evidence that any of the stolen information has shown up on the dark web.

As systems were taken offline by the attack, some GP services were forced to resort to paper notes with some doctors who spoke to the BBC at the time stating that the backlog of paperwork would take months to process.

The ICO stated that the fine was provisional and would wait to make a final decision as it was waiting to hear back from Advanced Computer Software Group.

“I am choosing to publicise this provisional decision today as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future," Edwards added. "I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.”

More from TechRadar Pro

Take a look at the best firewalls
One of the biggest data breaches ever leaks details on billions of users — here's what we know so far
These are the best antivirus services around

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Latest

Quordle today – hints and answers for Sunday, September 8 (game #958)

See more latest ►

Provisional fine

Are you a pro? Subscribe to our newsletter

More from TechRadar Pro

Most Popular