ICO fines NHS IT firm £6m after medical records hack
Watchdog to fine NHS IT firm £6m after medical records hack
The Information Commissioner’s Office (ICO) has provisionally issued a £6,097,750 fine to Advanced Computer Software Group over a cyberattack in August 2022 that led to the theft of nearly 83,000 people’s medical records. The provisional monetary penalty is the largest ever issued by the ICO.
The provisional decision to issue a fine relates to a ransomware incident in August 2022 where the ICO has provisionally found that:
- Advanced failed to put in place appropriate technical and organisational measures to protect medical records from unauthorised access.
- Advanced failed to have in place adequate cybersecurity measures to detect and respond to the ransomware attack.
- Advanced failed to provide adequate training to staff on cybersecurity risks.
- Advanced failed to have in place a robust incident response plan.
The ICO’s investigation is ongoing and the final penalty may be different from the provisional penalty.
Advanced Computer Software Group said it was “deeply disappointed” with the ICO’s decision and was considering its options.