Summary: The UK Information Commissioner’s Office has fined Advanced Computer Software Group £3 million due to a 2022 data breach caused by a ransomware attack. This incident, involving the notorious LockBit group, compromised personal information of approximately 80,000 individuals linked to healthcare services. Advanced failed to adequately secure systems, notably lacking multi-factor authentication, leading to significant regulatory scrutiny and penalties.
Affected: Advanced Computer Software Group (OneAdvanced), UK National Health Service
Key points:
- Advanced was targeted by the LockBit ransomware group in 2022, resulting in severe service disruptions.
- Compromised data included sensitive information for nearly 900 home care patients, including access details.
- The ICO concluded that Advanced violated data protection laws by not implementing adequate security measures like MFA.
- The fine is voluntary, with Advanced opting to pay without appealing, reflecting their commitment to improve cybersecurity protocols.
- The incident underscores the importance of basic security practices to mitigate cybersecurity risks effectively.
Source: https://www.securityweek.com/uk-software-firm-fined-3-million-over-ransomware-caused-data-breach/