A provisional fine of £6.09m has been set by the ICO Credit: Jaap Arriens/NurPhoto via Getty Images

The UK Information Commissioner’s office (ICO) has issued a provisional fine of over £6m to NHS vendor Advanced after it found the company had failed to secure personal data which was stolen in a ransomware attack. 

The UK data watchdog said it issued the fine to the NHS vendor after finding out that the cyberattackers were able to initially access “a number of Advanced’s health and care systems via a customer account that did not have multi-factor authentication.”

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

In August 2022, a cyberattack on Advanced caused outages to NHS services across the UK. Many hospitals were forced to work offline for weeks and the NHS non-emergency 111 call line suffered major disruption. 

The ICO said that the cyberattack resulted in the theft of data to around 83,000 people in the UK. As well as the details of “how to gain entry to the homes of 890 people who were receiving care at home”.

A provisional fine of £6.09m has been set by the ICO, which means that it could be changed by the watchdog. 

The fine was issued after the ICO said Advanced “breached data protection law in failing to implement appropriate security measures prior to the attack to protect the personal information it was processing.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

GlobalData’s cybersecurity market report forecasts that the global market will be worth $290bn by 2027, growing at a compound annual growth rate of 13% between 2022 and 2027.

Managed security services, application security, and identity and access management will be high-growth areas, according to the company.

As enterprises look to invest in tighter security and cybersecurity companies look to integrate new technologies, 2024 has already been a busy year for cybersecurity acquisitions.