{"id":6029,"date":"2024-08-07T11:45:51","date_gmt":"2024-08-07T11:45:51","guid":{"rendered":"https:\/\/digitaltradecenter.com\/index.php\/2024\/08\/07\/nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records\/"},"modified":"2024-08-07T11:45:51","modified_gmt":"2024-08-07T11:45:51","slug":"nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records","status":"publish","type":"post","link":"https:\/\/digitaltradecenter.com\/index.php\/2024\/08\/07\/nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records\/","title":{"rendered":"NHS software provider faces \u00a36m fine after hackers steal tens of thousands of medical records"},"content":{"rendered":"<p>A major NHS IT provider faces a penalty of just over \u00a36m for failures which led to a cyber attack and the theft of nearly 83,000 medical records.<\/p>\n<p>The Information Commissioner&#8217;s Office (ICO) has been investigating Advanced, which supplies vital systems for the health service, <strong>since the breach<\/strong> on 4 August 2022.<\/p>\n<div class=\"sdc-site-outbrain sdc-site-outbrain--AR_6\" aria-hidden=\"true\" data-component-name=\"sdc-site-outbrain\" data-target=\"\" data-widget-mapping=\"\" data-installation-keys=\"\">    <\/div>\n<p>The <strong>cyber attack<\/strong> had wide-ranging implications, affecting the system used to dispatch ambulances, book out-of-hours appointments and issue emergency prescriptions.<\/p>\n<p>In a provisional ruling, the ICO says the software provider breached data protection law by failing to secure personal information belonging to 82,946 people.<\/p>\n<p>Their records were stolen in a ransomware attack by hackers who gained entry to Advanced&#8217;s computer systems using an account which did not have multi-factor authentication (MFA).<\/p>\n<div class=\"ad ad--teads\">        <\/div>\n<p>Typically MFA would prevent cyber criminals from using stolen passwords to secure access.<\/p>\n<p>The data included sensitive information, phone numbers, medical records and information about how to gain entry to the properties of 890 people receiving care at home.<\/p>\n<p>The disruption affected critical services such as <strong>NHS<\/strong> 111 and meant other healthcare staff were unable to access patient records.<\/p>\n<p>People affected by the breach have been notified, and there is no evidence any data was published on the dark web.<\/p>\n<p>The ICO has provisionally decided to impose a fine of \u00a36.09m but the final ruling, and any penalty, will depend on the response from Advanced.<\/p>\n<p>John Edwards, UK Information Commissioner, said: &#8220;Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services.<\/p>\n<p>&#8220;For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security.&#8221;<\/p>\n<p>Advanced released an update following the data breach confirming patient information was copied from their systems before being encrypted.<\/p>\n<p>Typically ransomware attacks involve scrambling victims&#8217; data and making it inaccessible unless they pay up.<\/p>\n<p>The ransomware attack in 2022 led the Welsh Ambulance Service to declare a &#8220;major outage&#8221; of the system used to refer patients from 111 to out-of-hours GP providers.<\/p>\n<p>It said the issue had affected all four nations in the UK.<\/p>\n<p>In 2018, the NHS was severely affected by the <strong>WannaCry cyber attack<\/strong>, leading to thousands of cancelled appointments at a cost of nearly \u00a3100m.<\/p>\n<\/p>\n<div>This post appeared first on sky.com<\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A major NHS IT provider faces a penalty of just over \u00a36m for failures which led to a cyber attack and the theft of nearly 83,000 medical records. The Information Commissioner&#8217;s Office (ICO) has been investigating Advanced, which supplies vital systems for the health service, since the breach on 4 August 2022. The cyber attack <\/p>\n","protected":false},"author":1,"featured_media":6030,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":{"0":"post-6029","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-science"},"_links":{"self":[{"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/posts\/6029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/comments?post=6029"}],"version-history":[{"count":0,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/posts\/6029\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/media\/6030"}],"wp:attachment":[{"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/media?parent=6029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/categories?post=6029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digitaltradecenter.com\/index.php\/wp-json\/wp\/v2\/tags?post=6029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}