• NHS IT supplier hit with

    From Mike Powell@1:2320/105 to All on Thu Mar 27 10:00:00 2025
    NHS IT supplier hit with major fine following ransomware attack

    Date:
    Thu, 27 Mar 2025 10:38:19 +0000

    Description:
    Advanced has been fined for putting thousands of users' information at risk.

    FULL STORY

    The UK Information Commissioner's Office (ICO) has issued a fine of £3.07 million to software firm Advanced Computer Group Ltd following a 2022 ransomware attack in which NHS data was stolen and systems were encrypted, putting the personal information of 79,404 people at risk.

    This is the first fine from the ICO given to a data processor, and serves as a stark reminder that organisations risk becoming the next target without robust security measures in place, the Commissioner says.

    The attack caused disruptions to critical services at the time, including NHS 111, and meant some healthcare staff were unable to access patient records.
    The stolen information included patient phone numbers, medical records, and most concerning, access details for the homes of 890 people receiving care at home.

    Insufficient protections

    The ICO's investigation found that Advanced Computer Group Ltd didn't deploy sufficient technical and organisational measures to keep health and care systems fully secure prior to the incident, and pointed to gaps in Multi Factor Authentication Deployment, inadequate patch management, and a lack of comprehensive vulnerability scanning.

    "The security measures of Advanced's subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information," confirms John Edwards, Information Commissioner.

    While Advanced had installed multi-factor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of people's sensitive personal information at risk.

    The firm was hit by a provisional fine of £6m in August 2024, but this was reduced after considerations were submitted to the ICO, including Advanced's proactive engagement with the NCSC, the NCA, and the NHS in the wake of the attack and other steps taken to mitigate the risk to those impacted.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/nhs-it-supplier-hit-with-major-fine-following-ransomware-attack

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)