UK fines software provider £3.07 million for 2022 ransomware breach

Summary: The UK Information Commissioner’s Office has fined Advanced Computer Software Group Ltd £3.07 million due to a ransomware attack in 2022 that compromised the personal data of 79,404 individuals, including NHS patients. The attack, attributed to the LockBit ransomware group, highlighted Advanced’s inadequate security measures. This fine marks the first instance in the UK of penalizing a data processor rather than a data controller in such a case.

Affected: Advanced Computer Software Group Ltd and National Health Service (NHS)

Key points:

  • ICO imposed a £3.07 million fine for data protection failures resulting from a ransomware attack.
  • The breach affected 79,404 individuals, including NHS patients, disrupting critical health services.
  • Advanced’s poor security practices included inadequate vulnerability scanning, inadequate patch management, and incomplete multi-factor authentication coverage.

Source: https://www.bleepingcomputer.com/news/security/uk-fines-software-provider-307-million-for-2022-ransomware-breach/