UK watchdog fines NHS vendor Advanced £6m for cybersecurity failure
LONDON: The UK Information Commissioner’s Office (ICO) has issued a provisional fine of over £6 million to NHS vendor Advanced after it found the company had failed to secure personal data that was stolen in a ransomware attack.
The UK data watchdog said it issued the fine to the NHS vendor after finding out that the cyberattackers were able to initially access “a number of Advanced’s health and care systems via a customer account that did not have multi-factor authentication.”
In August 2022, a cyberattack on Advanced caused outages to NHS services across the UK. Many hospitals were forced to work offline for weeks, and the NHS non-emergency 111 call line suffered major disruption.
The ICO said that the cyberattack resulted in the theft of data from around 83,000 people in the UK. As well as the details of “how to gain entry into the homes of 890 people who were receiving care at home.”.
A provisional fine of £6.09 million has been set by the ICO, which means that it could be changed by the watchdog.
The fine was issued after the ICO said Advanced “breached data protection law by failing to implement appropriate security measures prior to the attack to protect the personal information it was processing.”
GlobalData’s cybersecurity market report forecasts that the global market will be worth $290 billion by 2027, growing at a compound annual growth rate of 13% between 2022 and 2027.
Managed security services, application security, and identity and access management will be high-growth areas, according to the company.
As enterprises look to invest in tighter security and cybersecurity companies look to integrate new technologies, 2024 has already been a busy year for cybersecurity acquisitions.