Advanced Fined £3.1M for 2022 Ransomware Attack Impacting NHS Services

The UK's Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million due to security failings related to a ransomware attack in August 2022, which compromised the personal information of 79,404 individuals. The attack, attributed to the LockBit group, disrupted critical healthcare services, including NHS 111, as hackers accessed systems through a customer account lacking multi-factor authentication (MFA). The ICO's investigation revealed significant shortcomings in Advanced's security measures, including inadequate vulnerability scanning and patch management. While the fine was initially set at £6 million, it was reduced following Advanced's cooperation with authorities post-incident. ICO Commissioner John Edwards emphasized the importance of organizations ensuring robust security measures to protect sensitive personal information. This incident highlights ongoing concerns regarding cybersecurity within the healthcare sector and the importance of regulatory oversight.