Advanced Computer Software Group Limited
- Date 27 March 2025
- Type Monetary penalties
The Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd (Advanced) £3.07m for security failings that put the personal information of 79,404 people at risk.
Advanced provides IT and software services to organisations, including the NHS and other healthcare providers, and processes people’s personal information on behalf of these organisations.
The fine relates to a ransomware incident in August 2022. Hackers accessed certain systems of Advanced’s health and care subsidiary via a customer account that did not have multi-factor authentication (MFA). The cyber attack was widely reported at the time, with reports of disruption to critical services such as NHS 111, and other healthcare staff unable to access patient records.