The Information Commissioner’s Office (ICO) has issued a fine of just over £6m to a major NHS IT provider after a cyberattack in August 2022 saw sensitive information stolen, including medical records belonging to 82 946 people.
The records were stolen by hackers who launched a ransomware attack—which shuts down an organisation’s computers or encrypts data and demands payment to restore access—on the IT company Advanced, which provides IT and software services to the NHS and other healthcare providers.
The company supplies its Adastra system to 85% of NHS 111 providers, and its Carenotes Electronic Patient Record is used by around a dozen community and mental health trusts.
The attack on the morning of 4 August …