Overview
- The Information Commissioner's Office (ICO) fined Advanced Computer Software Group Ltd £3.07 million for a 2022 ransomware attack that exposed sensitive data of 79,404 individuals.
- The attack, attributed to the LockBit ransomware group, disrupted NHS services, including NHS 111, and left staff unable to access patient records.
- The ICO found that Advanced failed to implement adequate security measures, with shortcomings including incomplete multi-factor authentication (MFA) and poor vulnerability management.
- Sensitive information exposed in the breach included medical records and access details for 890 individuals receiving home care.
- The fine, initially proposed at £6.09 million, was reduced due to Advanced's proactive cooperation with the NCSC, NCA, and NHS to address the fallout and improve cybersecurity.