NHS England Tech Provider Hit by Data Breach
▼ Summary
– DXS International, a U.K. healthcare tech provider for the NHS, disclosed a cyberattack discovered on December 14 that affected its office servers.
– The company contained the breach with the NHS and hired a cybersecurity firm to investigate, stating its clinical services were largely unaffected and operational.
– A ransomware group named DevMan claimed responsibility, listing the company on December 14 and alleging it stole 300 gigabytes of data.
– DXS notified law enforcement and regulators, but the specific nature of the breach and whether patient data was stolen are not yet known.
– NHS England stated it is not aware of any impact on patient services, and DXS’s software handles patient records, sometimes hosted on NHS networks.
A major technology provider for England’s National Health Service has reported a significant security incident. DXS International, a company that supplies software to the NHS, filed a notice with the London Stock Exchange confirming a cyberattack on its office servers. The breach was first detected on December 14th, prompting the company to act quickly. DXS states it immediately contained the incident in collaboration with the NHS and brought in a cybersecurity firm to conduct a full investigation into what happened and how far it reached.
According to the company’s official statement, the impact on its day-to-day operations was minimal. The company’s front-line clinical services remain unaffected and operational, which suggests patient care delivery was not directly disrupted. DXS has also informed relevant law enforcement agencies and regulators, including the U.K.’s Information Commissioner’s Office (ICO), which oversees data protection.
The precise details of the breach are still unclear, and it is not yet known whether any sensitive patient medical information was compromised. However, a ransomware group known as DevMan has claimed responsibility for the attack. In a post on its dark web site, the hackers listed DXS as a victim on the same date the breach was discovered, boasting they had successfully stolen approximately 300 gigabytes of data from the company’s systems.
An NHS England spokesperson stated that the health service is “not aware of any patient services being impacted” by this event. DXS develops software aimed at helping doctors and primary care physicians reduce administrative costs. This role means the company’s systems routinely handle and process patient records and data. In some instances, its solutions are hosted on the NHS’s own Health and Social Care Network (HSCN), a dedicated system for secure information sharing across U.K. healthcare organizations.
It is important to note that the NHS typically does not centralize patient medical data in a single repository, which can sometimes limit the scope of breaches involving third-party vendors. Representatives from both DXS International and the ICO did not provide immediate comment on a series of follow-up questions regarding the ongoing investigation.
(Source: TechCrunch)
