Skip to content
Search
  • Login
© IHEEM 2025. All rights reserved.
  • About Us
    • History
    • Governance
    • Meet the Team
    • Committees
    • IHEEM Sustainability Policy
    • Knowledge Partners
    • Diversity and Inclusion
  • Branches
    • South West
    • Southern
    • London & South East
    • East Anglia
    • East Midlands
    • West Midlands
    • North-East
    • North West
    • Yorkshire
    • Northern Ireland
    • Republic of Ireland
    • Scotland
    • Wales
    • Hong Kong
  • Events
    • Upcoming Events
    • Past Events
  • News
  • Jobs
  • FAQs
  • Contact us
  • About Us
    • History
    • Governance
    • Meet the Team
    • Committees
    • IHEEM Sustainability Policy
    • Knowledge Partners
    • Diversity and Inclusion
  • Branches
    • South West
    • Southern
    • London & South East
    • East Anglia
    • East Midlands
    • West Midlands
    • North-East
    • North West
    • Yorkshire
    • Northern Ireland
    • Republic of Ireland
    • Scotland
    • Wales
    • Hong Kong
  • Events
    • Upcoming Events
    • Past Events
  • News
  • Jobs
  • FAQs
  • Contact us
  • Membership & Registration
    • Join IHEEM
      • Individual
      • Company
      • Authorising Engineers
      • Free
      • Member Get Member
    • Membership Information
    • Professional Registration
      • Engineering Technician
      • Incorporated Engineer
      • Chartered Engineer
  • Platforms
    • Technical Platforms
      • Decontamination
      • Fire Safety
      • Electrical
      • Mechanical
      • Medical Devices
      • Medical Gas Pipeline Systems
      • Ventilation
      • Water
    • Advisory Platforms
      • Environmental Advisory Platform
      • Health and Safety Advisory Platform
      • Strategic Estates Management Advisory Platform (SEMAP)
    • Ask an expert
  • Authorising Engineers
    • AE Directory
    • AE Applications
  • Affiliates
    • Company
    • NHS
    • University
  • Future Leaders
    • YOUNG ENGINEERS
      • MEET THE ENGINEERS
      • WORK EXPERIENCE
      • CAREER PATHS
      • Skills Hub
    • SCHOOLS AND FURTHER EDUCATION
      • Introduction to STEM
      • IHEEM STEM ACTIVITY
    • Upgrade my membership
  • Knowledge Hub
    • CPD
      • A guide to CPD
      • The MyIHEEM CPD platform
    • Training and Development
      • Courses
      • Health Estate Journal
    •  Knowledge Portal – IHEEM members only
    •  Access to Latest news in Full
  • Mentoring
  • Membership & Registration
    • Join IHEEM
      • Individual
      • Company
      • Authorising Engineers
      • Free
      • Member Get Member
    • Membership Information
    • Professional Registration
      • Engineering Technician
      • Incorporated Engineer
      • Chartered Engineer
  • Platforms
    • Technical Platforms
      • Decontamination
      • Fire Safety
      • Electrical
      • Mechanical
      • Medical Devices
      • Medical Gas Pipeline Systems
      • Ventilation
      • Water
    • Advisory Platforms
      • Environmental Advisory Platform
      • Health and Safety Advisory Platform
      • Strategic Estates Management Advisory Platform (SEMAP)
    • Ask an expert
  • Authorising Engineers
    • AE Directory
    • AE Applications
  • Affiliates
    • Company
    • NHS
    • University
  • Future Leaders
    • YOUNG ENGINEERS
      • MEET THE ENGINEERS
      • WORK EXPERIENCE
      • CAREER PATHS
      • Skills Hub
    • SCHOOLS AND FURTHER EDUCATION
      • Introduction to STEM
      • IHEEM STEM ACTIVITY
    • Upgrade my membership
  • Knowledge Hub
    • CPD
      • A guide to CPD
      • The MyIHEEM CPD platform
    • Training and Development
      • Courses
      • Health Estate Journal
    •  Knowledge Portal – IHEEM members only
    •  Access to Latest news in Full
  • Mentoring
  • Events
    • Upcoming Events
    • Past Events
  • Membership & Registration
    • Join IHEEM
      • Individual
      • Company
      • Authorising Engineers
      • Free
      • Member Get Member
    • Membership Information
    • Professional Registration
      • Engineering Technician
      • Incorporated Engineer
      • Chartered Engineer
  • Platforms
    • Technical Platforms
      • Decontamination
      • Fire Safety
      • Electrical
      • Mechanical
      • Medical Devices
      • Medical Gas Pipeline Systems
      • Ventilation
      • Water
    • Advisory Platforms
      • Environmental Advisory Platform
      • Strategic Estates Management Advisory Platform (SEMAP)
    • Ask an expert
  • Authorising Engineers
    • AE Directory
    • AE Applications
  • Affiliates
    • Company
    • NHS
    • University
  • Future Leaders
    • YOUNG ENGINEERS
      • MEET THE ENGINEERS
      • WORK EXPERIENCE
      • CAREER PATHS
      • Skills Hub
    • SCHOOLS AND FURTHER EDUCATION
      • Introduction to STEM
      • IHEEM STEM ACTIVITY
    • Upgrade my membership
  • Knowledge Hub
    • CPD
      • A guide to CPD
      • The MyIHEEM CPD platform
    • Training and Development
      • Courses
      • Health Estate Journal
    •  Knowledge Portal – IHEEM members only
    •  Access to Latest news in Full
  • Mentoring
  • About Us
    • History
    • Governance
    • Meet the Team
    • Committees
    • IHEEM Sustainability Policy
    • Knowledge Partners
    • Diversity & Inclusion
  • Branches
    • South West
    • Southern
    • London & South East
    • East Anglia
    • East Midlands
    • West Midlands
    • North-East
    • North West
    • Yorkshire
    • Northern Ireland
    • Republic of Ireland
    • Scotland
    • Wales
    • Hong Kong
  • News
  • Jobs
  • FAQs
  • Contact us
  • Events
    • Upcoming Events
    • Past Events
  • Membership & Registration
    • Join IHEEM
      • Individual
      • Company
      • Authorising Engineers
      • Free
      • Member Get Member
    • Membership Information
    • Professional Registration
      • Engineering Technician
      • Incorporated Engineer
      • Chartered Engineer
  • Platforms
    • Technical Platforms
      • Decontamination
      • Fire Safety
      • Electrical
      • Mechanical
      • Medical Devices
      • Medical Gas Pipeline Systems
      • Ventilation
      • Water
    • Advisory Platforms
      • Environmental Advisory Platform
      • Strategic Estates Management Advisory Platform (SEMAP)
    • Ask an expert
  • Authorising Engineers
    • AE Directory
    • AE Applications
  • Affiliates
    • Company
    • NHS
    • University
  • Future Leaders
    • YOUNG ENGINEERS
      • MEET THE ENGINEERS
      • WORK EXPERIENCE
      • CAREER PATHS
      • Skills Hub
    • SCHOOLS AND FURTHER EDUCATION
      • Introduction to STEM
      • IHEEM STEM ACTIVITY
    • Upgrade my membership
  • Knowledge Hub
    • CPD
      • A guide to CPD
      • The MyIHEEM CPD platform
    • Training and Development
      • Courses
      • Health Estate Journal
    •  Knowledge Portal – IHEEM members only
    •  Access to Latest news in Full
  • Mentoring
  • About Us
    • History
    • Governance
    • Meet the Team
    • Committees
    • IHEEM Sustainability Policy
    • Knowledge Partners
    • Diversity & Inclusion
  • Branches
    • South West
    • Southern
    • London & South East
    • East Anglia
    • East Midlands
    • West Midlands
    • North-East
    • North West
    • Yorkshire
    • Northern Ireland
    • Republic of Ireland
    • Scotland
    • Wales
    • Hong Kong
  • News
  • Jobs
  • FAQs
  • Contact us

IT and software provider to the NHS could face £6m fine over data breach

Home » News » IT and software provider to the NHS could face £6m fine over data breach

Advanced provides IT and software services to organisations on a national scale, including to the NHS and other healthcare providers, handling people’s personal information on behalf of these organisations as their data processor. The ICO explains that the provisional decision to issue a fine relates to a ransomware incident in August 2022, where it has provisionally found that hackers initially accessed a number of Advanced’s health and care systems via a customer account that did not have multi-factor authentication. 

The  Information Commissioner has  provisionally found that personal information belonging to 82,946 people was exfiltrated following the attack. The cyberattack was widely reported, with reports of disruption to critical services such as NHS 111, and other healthcare staff unable to access patient records. The data exfiltrated included phone numbers and medical records, and details of how to gain entry to the homes of 890 people who were receiving care at home. People impacted have been notified, and Advanced found no evidence that any data was published on ‘the dark web’. 

The Commissioner’s findings are provisional, as the ICO explains: “ No conclusion should be drawn at this stage that there has, in fact, been any breach of data protection law, or that a financial penalty will ultimately be imposed. The Commissioner will carefully consider any representations Advanced makes before making a final decision, with the fine amount also subject to change.”

UK Information Commissioner, John Edwards (pictured), said: “This incident shows just how important it is to prioritise information security. Losing control of sensitive personal information will have been distressing for people who had no choice but to put their trust in health and care organisations. Not only was personal information compromised, but we have also seen reports that this incident caused disruption to some health services, including to their ability to deliver patient care. A sector already under pressure was put under further strain due to this incident.

“For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security prior to this incident. Despite already installing measures on its corporate systems, our provisional finding is that Advanced failed to keep its healthcare systems secure. We expect all organisations to take fundamental steps to secure their systems, such as regularly checking for vulnerabilities, implementing multi-factor authentication, and keeping systems up to date with the latest security patches

“I am choosing to publicise this provisional decision today as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future. I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.” 

The ICO has detailed guidance to support organisations to protect their systems from ransomware attacks, as well as guidance on the responsibilities and liabilities of both data processors and controllers. 

 

PrevPreviousCOVER STORY: P4 reflects on 35 years in emergency lighting
NextHealthcare Estates 2024 programme launchedNext

Posted on

  • August 7, 2024

IHEEM

Institute of Healthcare Engineering and Estate Management,
2 Abingdon House,
Cumberland Business Centre Northumberland Road,
Portsmouth Hants,
PO5 1DS

  • 02392 823 186
  • office@iheem.org.uk
  • Membership
  • Registration
  • Learning Hub
  • Events
  • Branches
  • IHEEM Experts
  • Company Affiliates
  • About us
  • News
  • FAQs
  • Contact us
  • My IHEEM
  • Terms & conditions
  • Privacy policy

Sign up to hear from us

This website and its contents is copyright of IHEEM - © IHEEM 2025. All rights reserved.

Facebook-f Linkedin Instagram Twitter Youtube Vimeo
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the ...
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT