NHS Supplier Hit by Cyber-Attack, Patient Care Unaffected

A recent cyber-attack on a key technology supplier to the UK’s National Health Service has been contained, with officials confirming that patient care and clinical services remain fully operational. DXS International, an official partner of NHS England, discovered the incident on its office servers on December 14th. The company swiftly moved to contain the breach and launched an investigation with NHS England and an external cybersecurity agency. According to a filing made to the London Stock Exchange, the attack resulted in minimal disruption to the company’s services and is not expected to cause significant financial harm.

The company provides NHS-approved clinical support solutions used by healthcare professionals and patients across England. In response to the breach, DXS notified critical authorities including the Information Commissioner’s Office and several NHS governing bodies. This prompt action underscores the heightened security protocols now in place for organizations handling sensitive health data.

Following the discovery of the incident, a threat actor using the name Devman listed DXS on a data leak site. The group claimed responsibility for stealing approximately 300 gigabytes of data from the company and threatened to release the information publicly. These claims regarding stolen data have not been verified by DXS International or the NHS. The situation highlights the persistent cybersecurity challenges facing critical national infrastructure and its supply chain, prompting ongoing reviews of digital defense measures across the healthcare sector.

(Source: InfoSecurity Magazine)