Security News > 2024 > August > UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack

The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million for failings that led to a 2022 ransomware attack.
Advanced pulled its systems offline on August 4, 2022, in an incident that was eventually attributed to LockBit, back in its heydey which has thankfully now ended.
For one, the incident was allowed to take place, the ICO said, because a customer account without multi-factor authentication was used to breach the vendor's systems.
"During the initial logon session, the attacker moved laterally in Advanced's Health and Care environment and escalated privileges, enabling them to conduct reconnaissance, and deploy encryption malware. Immediately prior to encrypting systems, the threat actor copied and exfiltrated a limited amount of data," the October 2022 update said.
"For an organization trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security prior to this incident. Despite already installing measures on its corporate systems, our provisional finding is that Advanced failed to keep its healthcare systems secure. We expect all organizations to take fundamental steps to secure their systems, such as regularly checking for vulnerabilities, implementing multi-factor authentication, and keeping systems up to date with the latest security patches."
The Register approached Advanced for a response but it didn't reply.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/08/07/ico_plans_to_fine_nhs/
Related news
- Cyber Attack Severity Rating System Established in UK (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Medusa ransomware gang demands $2M from UK private health services provider (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)