64 views 35 secs 0 comments

UK data watchdog to fine NHS vendor Advanced for security failures prior to LockBit ransomware attack

UK data watchdog to fine NHS vendor Advanced for security failures prior to LockBit ransomware attack

The 2022 ransomware attack on Advanced, a National Health Service (NHS) vendor, was devastating to patient care. Now the U.K.’s Information Commissioner’s Office has indicated it plans to impose a substantial fine on the vendor. TechCrunch reports:

U.K. data protection authorities have issued a provisional fine of more than £6 million to NHS vendor Advanced after finding that the company failed to properly secure the information of thousands of people later stolen in a ransomware attack.

In a statement, the U.K. Information Commissioner’s office (ICO) said it issued the fine after determining that the cybercriminals behind the August 2022 ransomware attack “initially accessed a number of Advanced’s health and care systems via a customer account that did not have multi-factor authentication.”

The cyberattack on Advanced led to widespread disruption to NHS services across the United Kingdom at the time, causing outages at the NHS non-emergency 111 line and forcing hospitals and medical practices to resort to pen and paper for weeks. Physicians at affected NHS trusts reported that they could not access patient records.

Read more at TechCrunch.

The ICO’s statement can be found here.