A software program supplier is going through a possible £6 million wonderful following a 2022 ransomware assault that disrupted NHS and social care providers throughout England.
The Info Commissioner’s Workplace (ICO) has provisionally concluded that Superior Laptop Software program Group didn’t implement sufficient measures to safeguard the non-public information of 82,946 individuals affected by the breach, which included delicate data.
Superior supplies IT and software program providers to numerous organisations, together with the NHS and different well being suppliers, functioning as an information processor. In August 2022, hackers gained entry to the agency’s well being and care programs by means of a buyer account missing multifactor authentication.
The cyberattack prompted important disruptions to essential providers similar to NHS 111, with information stolen together with cellphone numbers, medical data, and particulars on the best way to entry the houses of almost 900 people receiving residence care.
A leaked inside NHS England memo revealed that the assault had affected a number of NHS providers, together with pressing remedy centres and psychological well being suppliers, by taking important software program offline, posing a considerable problem to those providers.
Info Commissioner John Edwards emphasised the significance of prioritising data safety: “Losing control of sensitive personal information will have been distressing for people who had no choice but to put their trust in health and care organisations. Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, disrupting their ability to deliver patient care.”
Edwards expressed hope that the wonderful would immediate corporations to urgently enhance their information safety measures. He added, “For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security prior to this incident. We expect all organisations to take fundamental steps to secure their systems, such as regularly checking for vulnerabilities, implementing multifactor authentication, and keeping systems up to date with the latest security patches.”
The ICO’s findings are provisional, and the regulator will think about any representations from Superior earlier than reaching a closing choice.