The UK data watchdog is set to fine NHS vendor Advanced for security failures that occurred before the LockBit ransomware attack. These security lapses contributed to the vulnerability exploited during the attack.

The cyber attack had extensive repercussions, impacting the systems for dispatching ambulances, booking out-of-hours appointments, and issuing emergency prescriptions.

In a provisional ruling, the ICO stated that the software provider violated data protection laws by failing to secure personal information for 82,946 individuals.

These records were stolen in a ransomware attack by hackers who accessed Advanced's computer systems through an account that lacked multi-factor authentication (MFA).

Typically, MFA would have prevented cyber criminals from using stolen passwords to gain access.

The stolen data included sensitive information such as phone numbers, medical records, and details on how to access the properties of 890 people receiving home care.

Read more

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified

Home

Discover our latest articles

View All Blog Posts
June 25, 2024
No items found.

UK's NHS says hackers have published data stolen in ransomware attack

The UK's National Health Service (NHS) has confirmed that data stolen in a ransomware attack on Synnovis, a medical diagnostics service, has been published online, and the extent of the breach and its impact on patients is under investigation.

April 29, 2024
Regulation

FTC Completes Updates to Health Breach Notification Rule for Health Apps

The Federal Trade Commission announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health data.