- Software company Advanced has been fined by the ICO over a data breach
- This is the first penalty for a data processor
- The information of more than 79,000 people was put at risk
The UK Information Commissioner's Office (ICO) has issued a fine of £3.07 million to the software company Advanced Computer Group LTD after a 2022 ransomware attack in which NHS data was stolen and systems were encrypted, putting the personal information of 79,404 people at risk.
This is the first fine the ICO has issued to a data processor, and it serves as a “marked reminder that organizations run the risk of becoming the next target without solid security measures,” says the commissioner.
The attack disrupted critical services at the time, including NHS 111, and meant that some healthcare staff could not access patient records. The stolen information included patient telephone numbers, medical records and, for 890 people who receive home care, details of how to gain access to their homes.
Insufficient protections
An Advanced spokesman told TechRadar Pro the incident was “totally unfortunate”, and that the company is pleased to see the matter concluded.
“With threat actors operating with increasing sophistication, it is up to all companies to ensure that their cyber posture is continually strengthened. Cyber security remains a main investment in our entire business, and we have learned a lot as an organization from this attack.”
The ICO’s investigation found that Advanced Computer Group LTD had not implemented sufficient technical and organizational measures to keep its health and care systems fully secure before the incident, and pointed to gaps in the deployment of multi-factor authentication, inadequate patch management and “a lack of comprehensive vulnerability scanning.”
“Advanced’s subsidiary’s security measures were well below what we would expect from an organization that processes such a large volume of confidential information,” says John Edwards, the Information Commissioner.
“While Advanced had installed multi-factor authentication in many of its systems, the lack of complete coverage meant that hackers could obtain access, putting the confidential personal information of thousands of people at risk.”
The firm was hit with a provisional fine of £6 million in August 2024, but this was reduced after the ICO considered factors including the “proactive commitment of Advanced with the NCSC, the NCA and the NHS following the attack and other steps taken to mitigate the risk to those impacted.”