© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

ICO slaps Advanced Computer Software Group with £3.07M fine

by  Anton Mous
ICO
Image by Shutterstock.

The Information Commissioner’s Office (ICO) has issued a £3.07 million fine to Advanced Computer Software Group for a data breach that happened years ago.

The fine relates to a ransomware incident dating back to August 2022. Hackers were able to access some of Advanced Computer Software Group’s health and care subsidiary systems via a customer account that wasn’t protected with multi-factor authentication.

Due to the incident, several services of the National Health Service (NHS) suffered significant outages, including 111 emergency services. Healthcare staff were unable to consult patient records. The attack also exposed sensitive and personal information of 79,404 people, including details of how to gain entry into the homes of 890 people who were receiving care at home.

The United Kingdom’s data protection authority ICO investigated the matter and came to the conclusion that Advanced Computer Software Group didn’t have appropriate technical and organizational measures in place to keep its health and care systems adequately secure around the time of the ransomware attack.

“The security measures of Advanced’s subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information. While Advanced had installed multi-factor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of people’s sensitive personal information at risk,” Information Commissioner John Edwards says in a statement.

Initially, the ICO intended to lay down a fine of £6.09 million on Advanced Computer Software Group. However, the company appealed to this decision and was able to demonstrate that security measures had been taken since the incident to mitigate the risk to those impacted.

The ICO and Advanced Computer Software Group have come to a voluntary settlement, in which the latter agreed to pay a final penalty of £3,076,320 without appealing.

“I welcome the settlement with Advanced, which concludes our investigation into this incident, providing regulatory certainty to org

Share
Post
Share
Share
Share
Share
Share
Leave a Reply

Your email address will not be published. Required fields are marked