SHOCKING EXPOSÉ: NHS Vendor Advanced Handed £6 Million Fine for Lax Security That Led to Ransomware Attack
The UK’s data protection authorities have slammed NHS vendor Advanced with a provisional fine of £6.09 million for its egregious failure to secure sensitive patient data, which was later stolen in a devastating ransomware attack that crippled the country’s healthcare system.
The attack, which occurred in August 2022, was facilitated by Advanced’s reckless disregard for cybersecurity best practices. The company’s lack of multi-factor authentication allowed hackers to breach its systems, gaining access to the personal information of nearly 83,000 people, including phone numbers, medical records, and even the addresses of vulnerable patients receiving home care.
The consequences of Advanced’s negligence were catastrophic. The ransomware attack caused widespread disruption to NHS services, forcing hospitals and medical practices to resort to pen and paper for weeks. Physicians were unable to access patient records, leaving them unable to provide adequate care.
The investigation revealed that the LockBit ransomware gang was behind the attack, but Advanced has refused to confirm whether it paid the ransom. The company’s lack of transparency is just the latest example of its failure to take responsibility for its security failures.
The UK Information Commissioner’s Office (ICO) has issued a strong warning to all organizations handling sensitive health data: "Urgently secure external connections with multi-factor authentication." But it’s too little, too late for the thousands of patients whose personal information was compromised.
Advanced’s silence on the matter is deafening. The company’s spokespeople failed to respond to requests for comment, leaving the public to wonder what exactly they are hiding.
The provisional fine is a slap on the wrist for Advanced’s egregious breach of data protection law. It’s a clear indication that the company’s priorities lie with profits over patient privacy.
The public deserves better. It’s time for Advanced to come clean about its security failures and take responsibility for the harm it has caused.
Author: Kayitsi.com
