His comments followed a series of ransomware incidents affecting the healthcare sector last year, including one in which every single household in the Scottish region of Dumfries and Galloway received a letter warning residents that their data was likely to have been accessed by cybercriminals and published online following a ransomware attack. As previously reported by Recorded Future News, despite ransomware data breaches reaching record high levels across the United Kingdom, the number of incidents being investigated by the ICO is dwindling to record lows, raising questions about the regulator’s capacity and approach to the problem. Advanced, a business that provides IT services to numerous healthcare providers in the United Kingdom, has been fined £3.1 million (about $4 million) by the country’s privacy regulator over a ransomware attack in 2022. The ransomware attack on Advanced in August 2022, suspected to have been conducted by the LockBit group, followed hackers accessing systems operated by one of Advanced’s subsidiaries via a customer account that did not have multi-factor authentication enabled. Earlier this year, the government proposed a major overhaul of how the country responds to ransomware attacks, including by banning public sector bodies from making extortion payments and requiring all victims to report incidents to the government. Data on more than 900,000 individuals was subsequently published online by the cyber extortion group behind the attack, according to an analysis of the data reported by Recorded Future News. Under both the European Union and United Kingdom’s data protection laws, organizations controlling and processing personal data are required to protect that data and can face investigations and fines from regulators in the wake of an incident. Doctors, nurses and other staff were forced to resort to pen and paper to complete their jobs due to the impact on IT systems — provoking a crisis management COBR meeting in the British government as officials feared the impact the attack could have on patient care. The Information Commissioner said on Thursday: “With cyber incidents increasing across all sectors, my decision today is a stark reminder that organisations risk becoming the next target without robust security measures in place. The British government has pledged to introduce a new Cyber Security and Resilience Bill to parliament this year to address the growing disruption caused by cyberattacks.
This Cyber News was published on therecord.media. Publication date: Thu, 27 Mar 2025 00:05:04 +0000