The personal details of nearly 83,000 people were stolen during a cyber attack in 2022 that caused a “total system outage” of 111 services and left several trusts without access to their electronic patient records, regulators have revealed.
Software supplier Advanced — now known as OneAdvanced — was targeted by a criminal hacker group in August 2022. It supplies its Adastra system to 85% of NHS 111 providers, while its Careflow EPR is used by around a dozen community and mental health trusts.
On Wednesday, the Information Commissioner’s Office announced it had concluded its provisional findings into the attack and had issued a £6m fine to OneAdvanced, which it said had “failed to implement measures to protect” personal patient information.
According to the ICO, sensitive information such as phone numbers and medical records belonging to 82,946 people was stolen during the attack. Details about how to gain entry to the homes of 890 people who were receiving care at home were also stolen.
In the wake of the attack, NHS England said it had received assurances from OneAdvanced that no data held by mental health trusts had been “breached” from its Careflow system.
The supplier said that none of the stolen information was ever made public or released on the dark web.
Read full story (paywalled)
Source: HSJ, 7 August 2024
0 Comments
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now