CyberSecurity news


@itpro.com //
Advanced Computer Software Group, an NHS software supplier, has been fined £3 million by the Information Commissioner's Office (ICO) for security failures that led to a disruptive ransomware attack in 2022. The ICO determined that Advanced Computer Software Group failed to implement appropriate security measures prior to the attack, which compromised the personal information of tens of thousands of NHS patients. The LockBit ransomware group was identified as the perpetrator, gaining access through a customer account lacking multi-factor authentication (MFA).

Personal information belonging to 79,404 people was taken in the attack, including instructions for carers on how to gain entry into the properties of 890 people who were receiving care at home. The stolen data included checklists for medics on how to get into vulnerable people's homes. The ICO cited gaps in applying MFA policies across the organization, a lack of vulnerability scanning, and inadequate patch management as the primary facilitators of the attack.


References:
  • bsky.app: NHS provider Advanced has been fined £3m by ICO for security failures that led to the hugely disruptive ransomware hack in 2022. One shocking new detail - not only was personal info of 79k people taken - it included instructions for carers on how to gain entry into 890 patients' homes.
  • The Register - Security: Data stolen included checklist for medics on how to get into vulnerable people's homes. The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.
  • techcrunch.com: NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed.
  • www.itpro.com: The Information Commissioner's Office (ICO) said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.
  • DataBreaches.Net: The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a ransomware attack affecting NHS care. This is nearly half the fine the Information Commissioner’s Office provisionally floated...
  • www.cybersecurity-insiders.com: NHS LockBit ransomware attack yields £3.07 million penalty on tech provider
  • www.bleepingcomputer.com: UK fines software provider £3.07 million for 2022 ransomware breach
  • The DefendOps Diaries: Understanding the 2022 NHS Ransomware Attack: Lessons and Future Preparedness
  • Tech Monitor: UK ICO fines Advanced Computer Software £3m after NHS data breach
Classification:
  • HashTags: #Ransomware #DataBreach #NHS
  • Company: Advanced Computer Software Group
  • Target: NHS patients
  • Product: Advanced Computer Software
  • Feature: Security Failings
  • Type: DataBreach
  • Severity: Major