Connect with us

Hi, what are you looking for?

Tech

NHS software provider faces £6m fine after hackers steal tens of thousands of medical records

A major NHS IT provider faces a penalty of just over £6m for failures which led to a cyber attack and the theft of nearly 83,000 medical records.

The Information Commissioner’s Office (ICO) has been investigating Advanced, which supplies vital systems for the health service, since the breach on 4 August 2022.

The cyber attack had wide-ranging implications, affecting the system used to dispatch ambulances, book out-of-hours appointments and issue emergency prescriptions.

In a provisional ruling, the ICO says the software provider breached data protection law by failing to secure personal information belonging to 82,946 people.

Their records were stolen in a ransomware attack by hackers who gained entry to Advanced’s computer systems using an account which did not have multi-factor authentication (MFA).

Typically MFA would prevent cyber criminals from using stolen passwords to secure access.

The data included sensitive information, phone numbers, medical records and information about how to gain entry to the properties of 890 people receiving care at home.

The disruption affected critical services such as NHS 111 and meant other healthcare staff were unable to access patient records.

People affected by the breach have been notified, and there is no evidence any data was published on the dark web.

The ICO has provisionally decided to impose a fine of £6.09m but the final ruling, and any penalty, will depend on the response from Advanced.

John Edwards, UK Information Commissioner, said: “Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services.

“For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security.”

Advanced released an update following the data breach confirming patient information was copied from their systems before being encrypted.

Typically ransomware attacks involve scrambling victims’ data and making it inaccessible unless they pay up.

The ransomware attack in 2022 led the Welsh Ambulance Service to declare a “major outage” of the system used to refer patients from 111 to out-of-hours GP providers.

It said the issue had affected all four nations in the UK.

In 2018, the NHS was severely affected by the WannaCry cyber attack, leading to thousands of cancelled appointments at a cost of nearly £100m.

This post appeared first on sky.com

    You May Also Like

    Stocks

    In this episode of StockCharts TV‘s The MEM Edge, Mary Ellen reviews what’s shaping up in the broader markets after the Fed announced their rate cut...

    Tech

    Consumer rights group Which? is suing Apple for £3bn over the way it deploys the iCloud. If the lawsuit succeeds, around 40 million Apple...

    Tech

    Battle lines have been drawn between the almost 200 countries meeting in Azerbaijan as they seek to agree a new pot of money to...

    Tech

    Meta has lowered the minimum age to use the popular messaging platform WhatsApp. The move, which came into effect on Thursday, reduces the age...

    Disclaimer: globalwashingtonwebinar.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2024 globalwashingtonwebinar.com | All Rights Reserved