NHS Software Provider Hit with £6m Fine for Data Breach
The Information Commissioner’s Office (ICO) has imposed a provisional fine of £6m on Advanced Computer Software Group, an NHS software provider, following a serious data breach in October 2022. The breach resulted in the personal information of 82,946 people being stolen, including patient medical records.
The attackers gained access to sensitive information by using a poorly protected customer account. The stolen data included information on “how to gain entry to the homes of 890 people.” Although those affected were notified, no evidence has been found that the stolen information has been used on the dark web.
The breach caused disruption to some health services, including GP services being forced to resort to paper notes. The ICO has urged organizations to secure their systems with multi-factor authentication to avoid similar incidents in the future.