The Information Commissioner’s Office (ICO) has imposed a £6.09 million fine on software provider Advanced for failing to protect the personal information of almost 83,000 individuals.
Following major outages in health and care systems in August 2022, it was discovered that client data was accessed by hackers using LockBit 3.0 malware.
Personal information of 82,946 people, including sensitive data and details of home entry for care recipients, was compromised. The ICO’s provisional findings indicate that Advanced’s security measures were inadequate.
UK information commissioner John Edwards emphasized the importance of information security and the impact on patient care. The ICO’s investigations are ongoing, with the final decision pending Advanced’s response.
Advanced, now OneAdvanced, confirmed the cyber incident and measures taken to address it. They pledge full cooperation with the ICO’s investigation and emphasize no public data exposure or impact on NHS patient data.
