Home » News » NHS software provider fined £3m over data breach

NHS software provider fined £3m over data breach

NHS software provider fined £3m over data breach
May Be Interested In:Bizarre iPhone bug causes some audio messages to fail. Here’s why


An NHS software provider has been fined £3m by the Information Commissioner’s Office (ICO) over security failings that led to a ransomware attack on the NHS.

The Advanced Computer Software Group was fined for a breach that put personal information of 79,404 people at risk, the UK’s data protection watchdog said.

The firm provides IT and software services to organisations around the country, including the NHS and other health providers, handling information in its role as a data processor.

The breach took place in August 2022, when hackers gained access to patients’ phone numbers and medical records as well as details of how to gain entry to the homes of 890 people receiving care at home.

The unidentified hackers were able to gain access to the information by using a customer’s account that did not have sufficient protection in the form of multi-factor authentication.

The regulator’s investigation concluded that Advanced did not have appropriate security measures in place prior to the incident.

The cyberattack led to the disruption of critical services including NHS 111, and left some healthcare staff unable to access patient records.

Software used to facilitate patient check-ins was also impacted.

Last year, the regulator criticised Advanced over the incident, which placed “further strain” on a “sector already under pressure”.

While the company had installed multi-factor authentication across many of its systems, “the lack of complete coverage” was criticised by Information Commissioner John Edwards.

“The security measures of Advanced’s subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information,” Mr Edwards said.

He added the fine should serve as a “stark reminder” to organisations to ensure they have “robust security measures in place”.

“There is no excuse for leaving any part of your system vulnerable,” Mr Edwards added.

Last year, the ICO announced it intended to impose a provisional £6m fine on Advanced for the breach.

However, the watchdog said the sum had been halved because of the proactive engagement of Advanced with police, cyber security services and the NHS following the attack.

share Share facebook pinterest whatsapp x print

Similar Content

Ipso logo
Gardeners ‘swear’ Amazon gadget makes painting fences ‘a breeze’ without a brush April 15, 2025
Infighting and leadership battles rock Australia's four biggest parties
Infighting and leadership battles rock Australia’s four biggest parties May 12, 2025
'A fool for love': Elon Musk's many girlfriends, from Amber Heard to Grimes
‘A fool for love’: Elon Musk’s many girlfriends, from Amber Heard to Grimes February 21, 2025
Top 5 causes of hair fall in men - The Times of India
Top 5 causes of hair fall in men – The Times of India April 11, 2025
How UCLA aced the transfer portal to build a Final Four roster
How UCLA aced the transfer portal to build a Final Four roster April 3, 2025
Flourishing microalgae could offset emissions as the planet heats up
Flourishing microalgae could offset emissions as the planet heats up March 27, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

On the Move: News that’s Changing the World | © 2025 | Daily News