An NHS software provider has been hit by a provisional fine of £6m by the Information Commissioner’s Office (ICO) following a serious data breach.
Advanced Computer Software Group was hit by a cyberattack in October 2022 which took down NHS systems for patient check-ins, medical notes and the NHS 111 non-emergency service.
In total, the personal information of 82,946 people was stolen by the attackers.
Provisional fine
John Edwards, the Information Commissioner, said, “Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care. A sector already under pressure was put under further strain due to this incident.”
The attackers gained access to sensitive information by using a poorly protected customer account. Patient medical records were among the stolen data, including information on “how to gain entry to the homes of 890 people.” Following the breach, those affected were notified, but Advanced Computer Software Group has so far found no evidence that any of the stolen information has shown up on the dark web.
As systems were taken offline by the attack, some GP services were forced to resort to paper notes with some doctors who spoke to the BBC at the time stating that the backlog of paperwork would take months to process.
The ICO stated that the fine was provisional and would wait to make a final decision as it was waiting to hear back from Advanced Computer Software Group.
“I am choosing to publicise this provisional decision today as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future,” Edwards added. “I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.”
+ There are no comments
Add yours