Overview
- DXS said it discovered unauthorized access on December 14 and contained the breach with help from NHS England.
- The company engaged an external cybersecurity firm and notified the ICO, law enforcement, and relevant NHS bodies, with investigations ongoing.
- A group calling itself DEVMAN claimed responsibility on a dark‑web site and says it exfiltrated about 300 gigabytes of data, with a threat to publish data on December 20 AEST.
- DXS reported minimal impact on its services, and an NHS England spokesperson said there is no awareness of impacts to patient services.
- The company told investors it does not currently expect a material financial hit, as questions persist over any exposure given its software is widely used by GPs serving an estimated 17 million patients.