Tech Provider for NHS England Confirms Data Breach
DXS International, a tech provider to NHS England, confirmed a data breach involving its office servers, which was discovered on December 14. A ransomware group, DevMan, claimed responsibility, stating that they had stolen 300 GB of data. The breach has raised concerns about patient data, although the NHS reported no impact on patient services. The company is working with regulators, including the ICO, to investigate the incident.
DXS International, a U.K.-based company that provides healthcare tech for England’s National Health Service (NHS), disclosed a cyberattack in a statement on Thursday.
In a filing with the London Stock Exchange, the company said it experienced “a security incident affecting its office servers,” which was discovered on December 14. The company said it “immediately” contained the breach by working together with the NHS, and hired a cybersecurity firm to investigate “the nature and extent of the incident.”
“There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational,” read the filing.
At this point, the specific nature of the breach is unknown, nor is it known whether any patients’ medical information was stolen. However, earlier this week, a ransomware group called DevMan took credit for the breach. In a post on its dark website, which TechCrunch has seen, the hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data.
DXS said it also notified law enforcement and regulators, including the UK’s data protection authority, the Information Commissioner’s Office (ICO), about the cyberattack.
DXS chief operating officer Steven Bauer did not respond to a series of questions. Instead, Bauer sent TechCrunch a statement echoing the public filing.
Rashana Sweidan Vigerstaff, a spokesperson for the ICO, told TechCrunch that the ICO is assessing the information provided by DXS but did not respond to several questions.
NHS England spokesperson Katie Baldwin told TechCrunch that the health service is “not aware of any patient services being impacted.”
On its website, DXS says it provides software that helps to reduce costs for doctors and primary care physicians. As such, the company’s software touches patient records and data. The company also says that, in some cases, its solutions are hosted on the NHS Health and Social Care Network (HSCN), a system for healthcare organisations across the UK. To access and share information.
In general, the NHS does not store patients’ medical data in a centralised system.
Updated with responses from DXS and the ICO.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
