The NHS (National Health Service) England’s workflow software provider has acknowledged that a cyberattack affected its internal systems. The NHS receives healthcare workflow solutions from DXS International, a British technology business. It was revealed that the cyberattack, in a statement on Thursday by DXS International, a U.K.-based business that supplies healthcare technology to the National Health Service (NHS) of England.
The company reported that on December 14, it detected “a security incident affecting its office servers” in a filing with the London Stock Exchange. In collaboration with the NHS, the company stated it “immediately” isolated the compromise and engaged a cybersecurity consultancy to look into “the nature and extent of the incident.”
The document stated, “There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational.”
As of this date, neither the precise nature of the breach nor the existence of any stolen patient medical data are known.
However, DevMan, a ransomware gang, claimed responsibility for the hack earlier this week. The hackers claimed to have stolen 300 terabytes of data from the company on December 14 in a post on its dark web site that the members of the press has seen.
It is still unknown whether patient medical data was indeed accessed, even though DXS services about 2,000 general practitioner clinics (with an estimated 17 million patients). The entire scope of the data theft is presently being investigated by a third-party forensic company.
Law enforcement organisations, the National Cyber Security Centre (NCSC), and the Information Commissioner’s Office (ICO) have all been informed by DXS.
According to DXS, the cyberattack was also reported to law enforcement and authorities, such as the Information Commissioner’s Office (ICO), the UK’s data protection authority.
Steven Bauer, the chief operational officer of DXS, did not answer several questions that were asked. Rather, Bauer echoed the public filing in a statement given to the members of the press.
Also the ICO spokesperson Rashana Sweidan Vigerstaff told the members of the press that the ICO is evaluating the data supplied by DXS, but she did not answer a number of enquiries.
Katie Baldwin, a representative for NHS England, told the members of the press that the health agency is “not aware of any patient services being impacted.”
DXS claims on its website that it offers software that helps physicians and primary care physicians cut expenses. Therefore, patient data and records are impacted by the company’s software. Additionally, the company claims that in certain instances, its solutions are hosted on the NHS’s Health and Social Care Network (HSCN), a system that allows healthcare organisations all over the United Kingdom to access and exchange information.
In general, the NHS does not use a centralised system to store patient medical data.
Although NHS England and the ICO have not immediately called on patients to take action, they are encouraged to be alert by keeping an eye out for odd correspondence, such as targeted phishing emails or messages that mention doctor’s visits or prescriptions and verify contact as the NHS won’t request passwords or bank account information by text or email. If in doubt, get in touch with your general practitioner’s office using a reliable phone number.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
