Importance Score: 75 / 100 🔴
London, UK – NHS technology vendor Advanced has been levied a fine exceeding £3 million ($3.8 million) by the UK’s data protection regulator, the Information Commissioner’s Office (ICO). This penalty stems from the company’s failure to implement basic security protocols prior to a ransomware attack in 2022, resulting in a significant data breach.
Reduced Fine for NHS Data Breach Vendor
The finalized penalty represents a reduction from the £6 million sum initially indicated by the Information Commissioner’s Office (ICO) in August 2024. The data protection authority’s initial assessment cited serious security deficiencies at Advanced.
Security Failures Preceded Cyberattack
According to a statement released Wednesday, the ICO determined that Advanced “contravened data protection law” by not fully implementing multi-factor authentication (MFA) prior to the security incident. This security gap allowed cyber attackers to exploit compromised access credentials and access the personal data belonging to tens of thousands of individuals throughout the United Kingdom.
Ransomware Attack Disrupts NHS Services
The LockBit ransomware attack on Advanced triggered substantial service disruptions across the National Health Service (NHS), notably affecting vital patient data systems operated by Advanced.
Advanced Acknowledges Resolution
Advanced issued a statement confirming the settlement. The company declined to nominate a spokesperson when approached by TechCrunch for additional remarks.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.