NHS IT firm set for major fine following medical records hack

NHS
Image credit: Shutterstock (Image credit: Shutterstock)

An NHS software provider has been hit by a provisional fine of £6m by the Information Commissioner's Office (ICO) following a serious data breach.

Advanced Computer Software Group was hit by a cyberattack in October 2022 which took down NHS systems for patient check-ins, medical notes and the NHS 111 non-emergency service.

In total, the personal information of 82,946 people was stolen by the attackers.

Provisional fine

John Edwards, the Information Commissioner, said, "Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care. A sector already under pressure was put under further strain due to this incident."

The attackers gained access to sensitive information by using a poorly protected customer account. Patient medical records were among the stolen data, including information on “how to gain entry to the homes of 890 people.” Following the breach, those affected were notified, but Advanced Computer Software Group has so far found no evidence that any of the stolen information has shown up on the dark web.

As systems were taken offline by the attack, some GP services were forced to resort to paper notes with some doctors who spoke to the BBC at the time stating that the backlog of paperwork would take months to process.

The ICO stated that the fine was provisional and would wait to make a final decision as it was waiting to hear back from Advanced Computer Software Group.

“I am choosing to publicise this provisional decision today as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future," Edwards added. "I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.”

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
healthcare
Over a million clinical records exposed in data breach
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
UK private health services firm told to pay up $2m for ransomware hit
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
An abstract image of padlocks overlaying a digital background.
US healthcare giant Ascension says ransomware attack affected nearly six million customers
Latest in Pro
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
Adobe Summit 2025
Adobe Summit 2025 - all the news and updates as it happens
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments