The UK Information Commissioner’s office (ICO) has issued a provisional fine of over £6m to NHS vendor Advanced after it found the company had failed to secure personal data which was stolen in a ransomware attack.
The UK data watchdog said it issued the fine to the NHS vendor after finding out that the cyberattackers were able to initially access “a number of Advanced’s health and care systems via a customer account that did not have multi-factor authentication.”
In August 2022, a cyberattack on Advanced caused outages to NHS services across the UK. Many hospitals were forced to work offline for weeks and the NHS non-emergency 111 call line suffered major disruption.
The ICO said that the cyberattack resulted in the theft of data to around 83,000 people in the UK. As well as the details of “how to gain entry to the homes of 890 people who were receiving care at home”.
A provisional fine of £6.09m has been set by the ICO, which means that it could be changed by the watchdog.
The fine was issued after the ICO said Advanced “breached data protection law in failing to implement appropriate security measures prior to the attack to protect the personal information it was processing.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataGlobalData’s cybersecurity market report forecasts that the global market will be worth $290bn by 2027, growing at a compound annual growth rate of 13% between 2022 and 2027.
Managed security services, application security, and identity and access management will be high-growth areas, according to the company.
As enterprises look to invest in tighter security and cybersecurity companies look to integrate new technologies, 2024 has already been a busy year for cybersecurity acquisitions.