73 million) against the Advanced Computer Software Group. This decision results from a security incident in which personal data of numerous individuals, including highly sensitive health information, was compromised. The incident occurred in August 2022 and involved a ransomware attack on systems compromised through an account without multi-factor authentication. Notably, the Advanced Computer Software Group has since come under increased scrutiny for allegedly inadequate measures to protect personal data. According to preliminary findings by the ICO, a total of 82,946 individuals were affected by the data breach.

Stolen information includes medical records, phone numbers, and access details for the homes of 890 individuals receiving in-home care. The cyberattack also disrupted critical NHS services such as NHS 111 and prevented medical personnel from accessing patient files. Despite the severity of the incident, there is currently no evidence that the stolen data has been published on the dark web. All affected parties have been notified, and the Advanced Computer Software Group has the opportunity to respond to the preliminary findings before a final decision is made. British Information Commissioner John Edwards expressed concerns over the serious security deficiencies at Advanced and emphasized the need for fundamental security measures, including regular vulnerability assessments and the implementation of multi-factor authentication.

This preliminary decision serves as a warning to all organizations, particularly those processing sensitive health data, to urgently secure their systems and prevent similar incidents in the future.