DXS International, a British-based company that provides healthcare technology to England’s National Health Service (NHS), announced a cyberattack in a statement on Thursday.
In a file Along with the London Stock Exchange, the company said it had experienced a “security incident impacting its office servers,” discovered on December 14. The company said it “immediately” contained the breach working with the NHS, and hired a cyber security firm to investigate “the nature and extent of the incident”.
“There was minimal impact to the company’s services and the company’s frontline clinical services remain unaffected and operational,” the filing said.
At this time, the specific nature of the breach is unknown or whether patient medical information was stolen.
However, earlier this week, a ransomware group called DevMan took credit for the breach. In a post on the dark website seen by TechCrunch, the hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data from the company.
DXS said it has also notified law enforcement agencies and regulators, including the UK data protection authority, the Information Commissioner’s Office (ICO), of the cyberattack.
Contact us
Do you have more information about the breach at DXS International? From a non-work device, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
DXS CEO Steven Bauer did not respond to a series of questions. Instead, Bauer sent TechCrunch a statement reiterating the public filing.
Rashana Sweidan Vigerstaff, a spokesperson for the ICO, told TechCrunch that the ICO is reviewing the information provided by DXS, but is also not responding to several queries.
NHS England spokesperson Katie Baldwin told TechCrunch that the health service is “unaware of the impact on patient services.”
Up websiteDXS says it provides software that helps reduce costs for physicians and primary care physicians. As such, the company’s software touches patient records and data. The company also says that in some cases its solutions are hosted on the NHS’s Health and Social Care Network (HSCN), a system that allows healthcare organizations across the UK to access and share information.
Generally, the NHS does not store patients’ medical data in a centralized system.
Updated with responses from DXS and the ICO.
#Tech #provider #NHS #England #confirms #data #breach #TechCrunch