"The UK’s Information Commissioner’s Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022.
Advanced, an IT service and hosting provider contracted by the United Kingdom’s National Health Service (NHS), was compromised by threat actors on August 4, 2022.
The incident impacted hundreds of public and private entities, including NHS 111, and various healthcare products such as Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan, and eFinancials.
As a result of the breach, the personal information of nearly 83,000 people was exposed, including instructions on how to access homes for 890 people receiving care at home…"