news 
NHS Vendor Advanced to Pay £3 Million Fine Following 2022 Ransomware Attack
Advanced, a healthcare IT vendor, has agreed to pay a staggering £3 million ($3.8 million) as a fine for failing to implement basic security measures prior to a devastating 2022 ransomware attack that crippled the UK’s National Health Service (NHS).
According to reports, Advanced neglected to roll out multi-factor authentication, which allowed hackers to gain access to the system using stolen credentials and steal personal information from tens of thousands of people across the United Kingdom. The company’s security shortcomings resulted in widespread outages throughout the NHS, including disruptions to patient data systems that Advanced maintains on behalf of the healthcare service.
The data breach, caused by the LockBit ransomware attack, had far-reaching consequences for patients and the healthcare system as a whole. In its statement, Advanced confirmed that it has settled the matter, but declined to provide further comment when asked by TechCrunch.
The Information Commissioner’s Office (ICO) initially sought a fine exceeding £6 million in August 2024, accusing Advanced of “breaking data protection law” due to its failure to implement adequate security measures. Although the agreed-upon fine is significantly lower than the initial demand, it still serves as a stark reminder of the devastating consequences that can result from neglecting cybersecurity protocols.
The incident highlights the critical importance of robust IT infrastructure and the need for healthcare vendors to prioritize data protection above all else.
Source: https://techcrunch.com/2025/03/27/nhs-vendor-advanced-to-pay-3m-fine-following-2022-ransomware-attack/
