The UK’s Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million ($3.95M) for a 2022 ransomware attack that exposed 79,404 individuals' sensitive data, including NHS patients.
The LockBit ransomware group exploited weak security measures, including poor patch management and incomplete multi-factor authentication (MFA) coverage, to infiltrate the company’s systems.
This is the first time the UK has fined a data processor rather than a data controller. The fine was reduced from £6.09M ($7.74M), but it highlights the critical need for robust cybersecurity measures in handling sensitive healthcare data.