NHS Software Provider Faces £6m Fine Over Data Breach

Legal director Christine Sabino explains the details of a data breach which has led to the ICO imposing a £6m fine on an NHS software provider.

An NHS software provider is facing a potential £6m fine from the Information Commissioner’s Office (ICO) following a data breach affecting over 80,000 individuals. The incident, which occurred in 2022, compromised sensitive personal information, including medical records and details that would allow unauthorised access to the homes of nearly 900 people.

The ICO has emphasised that the £6m figure is provisional, pending further investigation and a response from Advanced Computer Software Group, the company involved. However, the regulator has confirmed that hackers exfiltrated personal data belonging to over 82,000 people.

While Advanced Computer Software Group has reported no evidence of data being leaked on the dark web, the cyberattack resulted in the shutdown of seven critical health systems, including those used for patient check-ins, medical records, and the NHS 111 service.

The breach caused widespread disruption, with doctors describing the subsequent backlog of paperwork as overwhelming.

The ICO has determined that the breach was facilitated by a customer account with insufficient security measures. It has placed blame on Advanced Computer Software Group for failing to implement adequate safeguards to protect against such vulnerabilities.

The Information Commissioner has additionally urged organisations, particularly those handling sensitive health data, to prioritise cybersecurity and implement robust measures such as multi-factor authentication.

As one of the country’s leading teams of data breach experts, we understand just how serious it can be when medical records are lost or stolen.

While the ICO’s actions are certainly welcome, and demonstrate that they are taking the matter very seriously, it is important that anyone affected by the breach understands what their options are moving forward.

The ICO cannot award compensation for data breaches, which means that victims will need to pursue a claim separately. This is something our data breach specialists will be able to help you with where appropriate.

You can find out more about our expertise and how we handle data breach claims here.

To speak to a member of our team about the NHS software provider data breach, please do not hesitate to give us a call on 0330 041 5130, or use our online claim form.