NHS England Data Breach Confirmed by Tech Provider

DXS International Reports Cyberattack

DXS International, a company headquartered in the U.K. and specializing in healthcare technology for England’s NHS, has announced a cybersecurity incident. The disclosure was made in a public statement released on Thursday.

Incident Details and Initial Response

According to a filing submitted to the London Stock Exchange, the company detected a “security incident affecting its office servers” on December 14th. Immediate action was taken to contain the breach, with collaboration from the NHS.

A specialized cybersecurity firm was engaged to conduct a thorough investigation into the scope and characteristics of the incident. The company reports that its core services experienced only minimal disruption.

Operational Status and Data Breach Uncertainty

Front-line clinical services provided by DXS remain fully functional and unaffected by the attack, as stated in the official filing. Currently, the precise details of the breach remain unclear.

It is also presently unknown whether any sensitive patient medical information was compromised during the incident.

Ransomware Group Claims Responsibility

However, the ransomware group known as DevMan has asserted responsibility for the attack. They published a claim on their dark web site – reviewed by TechCrunch – listing DXS International on December 14th.

The group alleges to have successfully exfiltrated 300 gigabytes of data from the company’s systems.

Regulatory Notification and Investigation

DXS International has notified the appropriate law enforcement agencies and regulatory bodies regarding the cyberattack. This includes the Information Commissioner’s Office (ICO), the U.K.’s data protection authority.

Lack of Response from Key Personnel

Steven Bauer, DXS chief operating officer, did not provide responses to a series of inquiries. Instead, he reiterated the information contained within the public filing in a statement to TechCrunch.

Rashana Sweidan Vigerstaff, a spokesperson for the ICO, confirmed that the ICO is currently evaluating the information provided by DXS. She did not respond to further questioning.

NHS England's Perspective

Katie Baldwin, a spokesperson for NHS England, stated that the health service is unaware of any impact to patient services as a result of the incident.

DXS International's Role and Data Access

DXS International’s website describes its software as a tool for reducing costs for doctors and primary care physicians. Consequently, the company’s software interacts with patient records and data.

In certain instances, the company’s solutions are hosted on the NHS’ Health and Social Care Network (HSCN). This network facilitates information access and sharing among healthcare organizations throughout the U.K.