The Information Commissioner’s Office (ICO) has provisionally imposed a £6m fine on an NHS software provider over a data breach which affected more than 80,000 people.
The breach took place in 2022 and included sensitive personal information including medical records and “how to gain entry to the homes of 890 people”.
But the ICO stressed it was a provisional fine, and it would wait to hear from Advanced Computer Software Group before making a final decision.
It said its initial findings were that personal information belonging to 82,946 people had been “exfiltrated” by hackers.
“Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care,” said John Edwards, the Information Commissioner.
“A sector already under pressure was put under further strain due to this incident.”
The ICO said people who had been affected by the hack had been notified, and Advanced had not been able to find evidence that information had been leaked on the dark web.
Criminal hackers took offline seven of Advanced’s health systems, including software used for patient check-ins, medical notes and the NHS 111 service.
Doctors told the BBC at the time it could take months to process mounting piles of medical paperwork caused by the cyber-attack.
It left some GP services forced to take notes using pen and paper rather than using electronic systems.
Credit: Source link
