Advanced Computer Software Group, a software supplier, is facing a potential fine of £6.09m for not implementing appropriate cyber security measures to protect personal data stolen by the LockBit ransomware gang in August 2022. The attack caused disruption to NHS trusts and other social care bodies using Advanced’s services. LockBit accessed Advanced’s network using legitimate credentials without multifactor authentication enabled, allowing them to steal sensitive data and execute ransomware. Information commissioner John Edwards emphasized the importance of information security and the need for organizations to prioritize data protection. Advanced has cooperated with the ICO’s investigation and plans to make representations in response to the provisional findings. The organization has taken steps to enhance cyber security measures since the incident in 2022.
Menu
