UK fines software provider £3.07 million for 2022 ransomware breach

The UK Information Commissioner's Office (ICO) has issued a £3.07 million fine on Advanced Computer Software Group Ltd for a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. The cyberattack was announced in early August 2022 when various NHS services, including 111 emergency services, suffered significant outages, pointing to a breach at British managed service provider (MSP) Advanced. Advanced provided NHS with various patient management and health-related products such as Adastra, Caresys, Carenotes, Odyssey, Crosscare, Staffplan, and eFinancials. The company didn't share many details about which ransomware group had compromised them, but in the days that followed, it became clear that recovery would take long, even with the help from experts at Mandiant and Microsoft. It was later revealed that the LockBit ransomware group was responsible for the attack, leveraging compromised credentials to set u ... Read full article.