
Provisional £6m Fine Imposed on Software Provider Following NHS Ransomware Attack

By Kirsten Doyle for Information Security Buzz
Thursday, August 8, 2024

The attack resulted in the exfiltration of personal information, including phone numbers, medical records, and entry details for 890 individuals receiving home care. The breach caused significant disruption to critical services, notably NHS 111, with healthcare staff unable to access essential patient records. Although Advanced reported no evidence of the stolen data being published on the dark web, the incident had a profound impact on affected individuals.

A “Pretty Lenient” Decision

Dr Ilia Kolochenko, CEO of ImmuniWeb and Adjunct Professor of Cybersecurity at Capital Technology University, said the UK ICO’s provisional decision is likely motivated, among other things, by the attack’s disastrous impact and aftermath, which practically paralyzed the British healthcare system in 2022.

“Under Article 83 of the UK GDPR, the turnover-based penalty threshold—for data security failures and other violations of Article 32—is 2% of the preceding financial year’s annual turnover, while a fixed penalty of up to £8,700,000 may be imposed instead at the discretion of the regulator or court,” Kolochenko said.

The provisional fine seems to represent about 2.3% of Advanced's annual turnover in 2021, slightly above the turnover-based cap but considerably less than the fixed fine cap. “Therefore, if regarded through the prism of damage suffered by innocent third parties, the ICO decision is pretty lenient,” Kolochenko added.

