- NHS technology provider DXS International hit by ransomware; minimal impact on clinical services
- Unknown group DevMan claims responsibility, alleging the theft of 300GB of company data
- NHS providers have faced ransomware before; 2022 breach sparked £3.07m ICO fine
DXS International, a key technology provider to the National Health Service (NHS) in England, revealed that it suffered a ransomware attack at the hands of an unknown threat actor.
The company filed a new report with the London Stock Exchange stating that it had suffered a “security incident” that affected its office servers.
The attack was discovered on December 14 and has since been remediated. The company said it hired third-party cybersecurity specialists to investigate and assess the damage and notified the relevant authorities about the incident.
300 GB of stolen files
“There was minimal impact to the company’s services and the company’s frontline clinical services remain intact and operational,” the report concludes.
DXS did not share key details: what the nature of the attack was, who carried it out, or whether any files were stolen in the process. However, TechCrunch says it found that a fairly unknown ransomware actor called DevMan took responsibility.
“In a post on their dark website, which TechCrunch has seen, hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data from the company,” the post states.
If the files have not yet been leaked to the dark web, that could mean that DevMan is trying to extort money from DXS.
This is not the first NHS provider to be hit by ransomware. In 2022, Advanced Computer Group suffered the same fate, but with more tangible effects for the healthcare provider. The attack caused disruptions to critical services at the time, including NHS 111, and meant some healthcare staff were unable to access patient records. The stolen information included patient phone numbers, medical records and, most worryingly, home access details for 890 people receiving home care.
In March 2025, the UK Information Commissioner’s Office (ICO) imposed a fine of £3.07 million for the breach that exposed 79,404 personal information.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
