ICO proposes $7.8M fine against NHS contractor in warning to IT providers
By 
Neil Hodge2024-08-13T20:35:00
The U.K. Information Commissioner’s Office (ICO) proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service (NHS) that allegedly failed to secure the data of 83,000 people after a cyberattack.
The ICO said in a press release Wednesday it provisionally penalized Advanced after the company allegedly failed to implement basic cybersecurity controls to protect personal data. If finalized, the enforcement action would be the agency’s first financial penalty against a data processor under the U.K. General Data Protection Regulation.
Advanced provides the NHS and other healthcare providers with IT and software services. In August 2022, the company suffered a ransomware attack that gave hackers access to some of the company’s health and care systems via a customer account that did not have multi-factor authentication.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumICO primed for enforcement increase behind new fining guidance?
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
-
Premium‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms
Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.
-
News BriefTikTok fined $15.9M for violations of U.K. GDPR
Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.
More from Regulatory Enforcement
-
News BriefFTC sues Uber over deceptive subscriptions, a rare move for consumers by Trump officials
The Federal Trade Commission (FTC) filed a lawsuit against Uber, alleging the ride-hailing company signed customers up for its Uber One subscription without consent, then made it hard for them to cancel. The move marks the U.S. government’s latest broadside against big tech companies, and the first major action from ...
-
News BriefCFPB pullback signals further shift toward industry-friendly regulation
The U.S. Consumer Financial Protection Bureau continues to unravel amid pressure from Trump administration officials to shutter the agency. Not only has the agency informed its employees that it will no longer be a watchdog for the financial services industry, it has also laid off employees despite court orders blocking ...
-
News BriefTrump’s CFPB, dismissing Comerica case, continues to cut down Biden-era lawsuits
The Consumer Financial Protection Bureau dropped yet another consumer protection lawsuit against a bank or fintech provider since Donald Trump was sworn in as president in January. This time, it was with Comerica Bank.