{"id":2514,"date":"2024-08-07T03:00:41","date_gmt":"2024-08-07T03:00:41","guid":{"rendered":"https:\/\/tradetrovex.com\/index.php\/2024\/08\/07\/nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records\/"},"modified":"2024-08-07T03:00:41","modified_gmt":"2024-08-07T03:00:41","slug":"nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records","status":"publish","type":"post","link":"https:\/\/tradetrovex.com\/index.php\/2024\/08\/07\/nhs-software-provider-faces-6m-fine-after-hackers-steal-tens-of-thousands-of-medical-records\/","title":{"rendered":"NHS software provider faces \u00a36m fine after hackers steal tens of thousands of medical records"},"content":{"rendered":"<p>A major NHS IT provider faces a penalty of just over \u00a36m for failures which led to a cyber attack and the theft of nearly 83,000 medical records.<\/p>\n<p>The Information Commissioner\u2019s Office (ICO) has been investigating Advanced, which supplies vital systems for the health service, <strong>since the breach<\/strong> on 4 August 2022.<\/p>\n<div class=\"sdc-site-outbrain sdc-site-outbrain--AR_6\">    <\/div>\n<p>The <strong>cyber attack<\/strong> had wide-ranging implications, affecting the system used to dispatch ambulances, book out-of-hours appointments and issue emergency prescriptions.<\/p>\n<p>In a provisional ruling, the ICO says the software provider breached data protection law by failing to secure personal information belonging to 82,946 people.<\/p>\n<p>Their records were stolen in a ransomware attack by hackers who gained entry to Advanced\u2019s computer systems using an account which did not have multi-factor authentication (MFA).<\/p>\n<div class=\"ad ad--teads\">        <\/div>\n<p>Typically MFA would prevent cyber criminals from using stolen passwords to secure access.<\/p>\n<p>The data included sensitive information, phone numbers, medical records and information about how to gain entry to the properties of 890 people receiving care at home.<\/p>\n<p>The disruption affected critical services such as <strong>NHS<\/strong> 111 and meant other healthcare staff were unable to access patient records.<\/p>\n<p>People affected by the breach have been notified, and there is no evidence any data was published on the dark web.<\/p>\n<p>The ICO has provisionally decided to impose a fine of \u00a36.09m but the final ruling, and any penalty, will depend on the response from Advanced.<\/p>\n<p>John Edwards, UK Information Commissioner, said: \u201cNot only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services.<\/p>\n<p>\u201cFor an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security.\u201d<\/p>\n<p>Advanced released an update following the data breach confirming patient information was copied from their systems before being encrypted.<\/p>\n<p>Typically ransomware attacks involve scrambling victims\u2019 data and making it inaccessible unless they pay up.<\/p>\n<p>The ransomware attack in 2022 led the Welsh Ambulance Service to declare a \u201cmajor outage\u201d of the system used to refer patients from 111 to out-of-hours GP providers.<\/p>\n<p>It said the issue had affected all four nations in the UK.<\/p>\n<p>In 2018, the NHS was severely affected by the <strong>WannaCry cyber attack<\/strong>, leading to thousands of cancelled appointments at a cost of nearly \u00a3100m.<\/p>\n<\/p>\n<div>This post appeared first on sky.com<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A major NHS IT provider faces a penalty of just over \u00a36m for failures which&hellip;<\/p>\n","protected":false},"author":0,"featured_media":2515,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-news"],"_links":{"self":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts\/2514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/comments?post=2514"}],"version-history":[{"count":0,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts\/2514\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/media\/2515"}],"wp:attachment":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/media?parent=2514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/categories?post=2514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/tags?post=2514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}