NHS software provider faces £6m fine after ransomware attack failings

Advanced, the software provider that supplies IT and data services for the NHS, is facing penalty of over £6.09 million after the NHS suffered a major cyber-attack that led to the theft of around 83,000 medical records.

The Information Commissioner’s Office (ICO) has been investigating the company since the breach happened on 4 August 2022.

The attack caused disruption to a wide range of health services, including the system used to dispatch ambulances, book out-of-hours appointments, and facilitate emergency drugs prescription.

The ICO said that the software provider breached data protection law as it failed to implement appropriate security measures to safeguard personal information belonging to NHS patients.

Records were stolen as hackers accessed Advanced’s computer system using an account which did not have multi-factor authentication (MFA), a security measure that is widely used to prevent unauthorised access to private data.

The stolen data included sensitive information like phone numbers, medical records, and property access information for around 890 patients receiving homecare.

The breach also caused disruption to critical services such as NHS 111, with staff being unable to access patient records.

Advanced reported that no evidence of any data being published on the dark web was found.

John Edwards, UK information commissioner, said that information security is crucial for organisations such as the NHS, which is “already under pressure” and has been “put under further strain” due to the incident.

He also encouraged all organisations to take fundamental measures to secure their systems, including regularly checking for vulnerabilities, implementing multi-factor authentication and keeping systems up to date with the latest security patches.

“Losing control of sensitive personal information will have been distressing for people who had no choice but to put their trust in health and care organisations,” he added.

The news comes after the NHS suffered two new ransomware attacks this year.

In June, residents of the Scottish region of Dumfries and Galloway received a letter warning they had suffered a cyberattack resulting in sensitive data publication.

Earlier this month, another ransomware attack on a pathology service provider Synnovis heavily disrupted operations in multiple hospitals across London, impacting services such as blood tests or transfusions.



Share Story:

Recent Stories


The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.

The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.