Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Advanced Software fined £3m over LockBit attack | Computer Weekly

By Computer Weekly by By Computer Weekly
March 27, 2025
Home Uncategorized
Share on FacebookShare on Twitter


The UK’s Information Commissioner’s Office (ICO) has today fined Advanced Computer Software Group – now known as OneAdvanced – £3.07m for cyber security failings that exacerbated the impact of a LockBit ransomware attack against the organisation.

The cyber attack, which occurred in August 2022, saw services provided by Advanced customers – including the NHS and other healthcare providers – extensively disrupted when they lost access to its Adastra clinical patient management platform.

One of the bodies that relied on Adastra at the time was the frontline 111 service. Other parts of the health service affected included ambulance dispatch, emergency prescriptions, out-of-hours patient services, and referrals.

The ICO said the attack, which began through a customer account that did not have multifactor authentication (MFA) enabled, saw the data of 79,404 people stolen. Among this data were details of how to gain access to the properties of 890 individuals who were receiving care at home.

The regulator concluded that Advanced’s health and care subsidiary did not have appropriate technical and organisational measures in place to guarantee the security of its IT systems, highlighting gaps not just in MFA, but also in vulnerability scanning and patch management.

“The security measures of Advanced’s subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information. While Advanced had installed multifactor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of people’s sensitive personal information at risk,” said information commissioner John Edwards.

“People should never have to think twice about whether their medical records are in safe hands. To use services with confidence, they must be able to trust that every organisation coming into contact with their personal information – whether that’s using it, sharing it or storing it on behalf of others – is meeting its legal obligations to protect it,” added Edwards.

I urge all organisations to ensure that every external connection is secured with MFA today to protect the public and their personal information – there is no excuse for leaving any part of your system vulnerable
John Edwards, information commissioner

“With cyber incidents increasing across all sectors, my decision today is a stark reminder that organisations risk becoming the next target without robust security measures in place. I urge all organisations to ensure that every external connection is secured with MFA today to protect the public and their personal information – there is no excuse for leaving any part of your system vulnerable,” he said.

The fine – which is about half the amount initially proposed – marks a first for the ICO, as it has never before levied such a penalty on a data processor under UK data protection law.

Its significant reduction is the result of a number of factors, including representations made by Advanced on the progress it has made, and the organisation’s proactive engagement throughout the incident, which included full cooperation with the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), and the NHS.

The ICO and Advanced have now reached a voluntary settlement, by which Advanced acknowledges the decision to reduce the fine and will pay a final settlement without appeal.

Edwards said this settlement was welcome and provided regulatory certainty without needing to incur more costs and delays associated with an appeal.

The ICO warned others that they must take more proactive steps to assess and mitigate the well-known risk factors that enable ransomware gangs like LockBit to operate their criminal enterprises with ease. These include implementing MFA by default and without exception, and doing more work to assess vulnerabilities and fix them in a more timely manner.

An Advanced spokesperson said: “What happened over two-and-a-half years ago is wholly regrettable. With threat actors operating with increasing sophistication, it is upon all businesses to ensure their cyber posture is continually strengthened. Cyber security remains a primary investment across our business, and we have learned a great deal as an organisation since this attack.

“We reported the incident to the ICO in August 2022 and are pleased to see this matter concluded. Our focus remains steadfast on supporting our customers as they navigate the rapidly evolving technology landscape, ensuring they achieve their strategic growth and operational efficiency goals.”



Source link

By Computer Weekly

By Computer Weekly

Next Post
Info-Tech LIVE 2025 Reveals First Featured Speakers for Premier Las Vegas IT Conference in June

Info-Tech LIVE 2025 Reveals First Featured Speakers for Premier Las Vegas IT Conference in June

Recommended.

EdgeCore Digital Infrastructure Built For ‘Exponential’ Growth, New President Tells CRN

EdgeCore Digital Infrastructure Built For ‘Exponential’ Growth, New President Tells CRN

June 13, 2025
Cerillion Named as a Major Player in IDC MarketScape for Worldwide Customer Experience Platforms for Telecommunications 2025

Cerillion Named as a Major Player in IDC MarketScape for Worldwide Customer Experience Platforms for Telecommunications 2025

September 25, 2025

Trending.

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

October 6, 2025
Cloud Computing on the Rise: Market Projected to Reach .6 Trillion by 2030

Cloud Computing on the Rise: Market Projected to Reach $1.6 Trillion by 2030

August 1, 2025
Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

July 14, 2025
The Ultimate MSP Guide to Structuring and Selling vCISO Services

The Ultimate MSP Guide to Structuring and Selling vCISO Services

February 19, 2025
Translators’ Voices: China shares technological achievements with the world for mutual benefit

Translators’ Voices: China shares technological achievements with the world for mutual benefit

June 3, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio