NHS IT firm set for major fine following medical records hack

Sensitive patient data was stolen in the attack

An NHS software provider has been hit by a provisional fine of £6m by the Information Commissioner’s Office (ICO) following a serious data breach.

Advanced Computer Software Group was hit by a cyberattack in October 2022 which took down NHS systems for patient check-ins, medical notes and the NHS 111 non-emergency service.

In total, the personal information of 82,946 people was stolen by the attackers.

Provisional fine

John Edwards, the Information Commissioner, said, “Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care. A sector already under pressure was put under further strain due to this incident.”

The attackers gained access to sensitive information by using a poorly protected customer account. Patient medical records were among the stolen data, including information on “how to gain entry to the homes of 890 people.” Following the breach, those affected were notified, but Advanced Computer Software Group has so far found no evidence that any of the stolen information has shown up on the dark web.

As systems were taken offline by the attack, some GP services were forced to resort to paper notes, with some doctors who spoke to the BBC at the time stating that the backlog of paperwork would take months to process.

The ICO stated that the fine was provisional and that it would wait to hear back from Advanced Computer Software Group before making a final decision.

“I am choosing to publicise this provisional decision today as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future,” Edwards added. “I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.”

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
