
Advanced Software fined 3m over LockBit attack
www.computerweekly.com
Sikov - stock.adobe.comNewsAdvanced Software fined 3m over LockBit attackThe ICO has issued a 3m fine to software provider Advanced in the wake of security failings that led to significant disruption to NHS customers in a ransomware attackByAlex Scroxton,Security EditorPublished: 27 Mar 2025 0:01 The UKs Information Commissioners Office (ICO) has today fined Advanced Computer Software Group now known as OneAdvanced 3.07m for cyber security failings that exacerbated the impact of a LockBit ransomware attack against the organisation.The cyber attack, which occurred in August 2022, saw services provided by Advanced customers including the NHS and other healthcare providers extensively disrupted when they lost access to its Adastra clinical patient management platform.One of the bodies that relied on Adastra at the time was the frontline 111 service. Other parts of the health service affected included ambulance dispatch, emergency prescriptions, out-of-hours patient services, and referrals.The ICO said the attack, which began through a customer account that did not have multifactor authentication (MFA) enabled, saw the data of 79,404 people stolen. Among this data were details of how to gain access to the properties of 890 individuals who were receiving care at home.The regulator concluded that Advanceds health and care subsidiary did not have appropriate technical and organisational measures in place to guarantee the security of its IT systems, highlighting gaps not just in MFA, but also in vulnerability scanning and patch management.The security measures of Advanceds subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information. While Advanced had installed multifactor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of peoples sensitive personal information at risk, said information commissioner John Edwards.People should never have to think twice about whether their medical records are in safe hands. To use services with confidence, they must be able to trust that every organisation coming into contact with their personal information whether thats using it, sharing it or storing it on behalf of others is meeting its legal obligations to protect it, added Edwards. I urge all organisations to ensure that every external connection is secured with MFA today to protect the public and their personal information there is no excuse for leaving any part of your system vulnerable John Edwards, information commissioner With cyber incidents increasing across all sectors, my decision today is a stark reminder that organisations risk becoming the next target without robust security measures in place. I urge all organisations to ensure that every external connection is secured with MFA today to protect the public and their personal information there is no excuse for leaving any part of your system vulnerable, he said.The fine which is about half the amount initially proposed marks a first for the ICO, as it has never before levied such a penalty on a data processor under UK data protection law.Its significant reduction is the result of a number of factors, including representations made by Advanced on the progress it has made, and the organisations proactive engagement throughout the incident, which included full cooperation with the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), and the NHS.The ICO and Advanced have now reached a voluntary settlement, by which Advanced acknowledges the decision to reduce the fine and will pay a final settlement without appeal.Edwards said this settlement was welcome and provided regulatory certainty without needing to incur more costs and delays associated with an appeal.The ICO warned others that they must take more proactive steps to assess and mitigate the well-known risk factors that enable ransomware gangs like LockBit to operate their criminal enterprises with ease. These include implementing MFA by default and without exception, and doing more work to assess vulnerabilities and fix them in a more timely manner.An Advanced spokesperson said: What happened over two-and-a-half years ago is wholly regrettable. With threat actors operating with increasing sophistication, it is upon all businesses to ensure their cyber posture is continually strengthened. Cyber security remains a primary investment across our business, and we have learned a great deal as an organisation since this attack.We reported the incident to the ICO in August 2022 and are pleased to see this matter concluded. Our focus remains steadfast on supporting our customers as they navigate the rapidly evolving technology landscape, ensuring they achieve their strategic growth and operational efficiency goals.Read more about ransomwareThis key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024,with the help of highly-placed contacts in Moscow.Several factors, including the impact of law enforcement operations disrupting cyber criminal gangs and better preparedness among users, may be behind a significant drop inthe total value of ransomware payments.The criminal ransomware fraternity was hard at work over the festive period, with attack volumes rising and a new threat actoremerging on the scene.In The Current Issue:Can a future digital NHS survive another change?Digital twins drive efficiency across machines and infrastructureDownload Current IssueCurve banking app on Amazfit Inspect-a-GadgetWhat to expect from Qlik Connect 2025 CW Developer NetworkView All Blogs
0 Comments
·0 Shares
·50 Views