Home » News » NHS software provider fined £3m over data breach

NHS software provider fined £3m over data breach

NHS software provider fined £3m over data breach
May Be Interested In:Karishma Tanna fires back at trolls over body shaming, says ‘For once use social media to…’


An NHS software provider has been fined £3m by the Information Commissioner’s Office (ICO) over security failings that led to a ransomware attack on the NHS.

The Advanced Computer Software Group was fined for a breach that put personal information of 79,404 people at risk, the UK’s data protection watchdog said.

The firm provides IT and software services to organisations around the country, including the NHS and other health providers, handling information in its role as a data processor.

The breach took place in August 2022, when hackers gained access to patients’ phone numbers and medical records as well as details of how to gain entry to the homes of 890 people receiving care at home.

The unidentified hackers were able to gain access to the information by using a customer’s account that did not have sufficient protection in the form of multi-factor authentication.

The regulator’s investigation concluded that Advanced did not have appropriate security measures in place prior to the incident.

The cyberattack led to the disruption of critical services including NHS 111, and left some healthcare staff unable to access patient records.

Software used to facilitate patient check-ins was also impacted.

Last year, the regulator criticised Advanced over the incident, which placed “further strain” on a “sector already under pressure”.

While the company had installed multi-factor authentication across many of its systems, “the lack of complete coverage” was criticised by Information Commissioner John Edwards.

“The security measures of Advanced’s subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information,” Mr Edwards said.

He added the fine should serve as a “stark reminder” to organisations to ensure they have “robust security measures in place”.

“There is no excuse for leaving any part of your system vulnerable,” Mr Edwards added.

Last year, the ICO announced it intended to impose a provisional £6m fine on Advanced for the breach.

However, the watchdog said the sum had been halved because of the proactive engagement of Advanced with police, cyber security services and the NHS following the attack.

share Share facebook pinterest whatsapp x print

Similar Content

India shows military might and diversity at Republic Day parade
India shows military might and diversity at Republic Day parade February 16, 2025
Holly Willoughby, 44, looked ethereal in a white gown as she kicked off the live final of Dancing On Ice 2025 on Sunday
Holly Willoughby, 44, dazzles in an elegant white sequinned gown as she kicks off the Dancing On Ice Final amid doubts over the show’s future March 9, 2025
Man United vs Ipswich - Premier League: Live score and team news with 10-man Red Devils back in front in Old Trafford thriller, while Spurs trail City
Man United vs Ipswich – Premier League: Live score and team news with 10-man Red Devils back in front in Old Trafford thriller, while Spurs trail City February 26, 2025
China woos Bangladesh with healthcare as India ties sour
China woos Bangladesh with healthcare as India ties sour March 5, 2025
Frank Evola, who is the Spitfires' director of scouting and hockey operations, believes that, with the right development, picks Hamza Havusic and Charlie Moskowitz could develop into OHL players.
Hamza Havusic and Charlie Moskowitz will get a chance to grow. April 17, 2025
Alberta Premier Danielle Smith
Sask.’s Moe backs Alberta premier’s controversial U.S. appearance March 27, 2025
On the Horizon: The Stories That Will Shape the World | © 2025 | Daily News