What the £3M NHS Software Provider Fine Teaches Us About Cybersecurity

A wake-up call for any business handling sensitive data
A major software provider for the NHS, Advanced Computer Software Group, has been fined £3 million by the Information Commissioner’s Office (ICO) after a ransomware attack exposed personal data and disrupted critical healthcare services.
While it’s easy to see this as a one-off case, the truth is it reflects a much bigger issue—how even established companies can fall short on basic cybersecurity, and how costly that can be.
What Actually Happened?
Back in August 2022, hackers managed to break into Advanced’s systems using a customer account that didn’t have multi-factor authentication (MFA) in place. That one weak link was enough. Nearly 80,000 people had their personal data exposed. Some of the information included entry instructions for vulnerable patients’ homes. NHS 111 services were knocked offline, and healthcare staff struggled to access patient records when they were needed most.
The ICO found that Advanced had inconsistent security across its systems. Some accounts had MFA, others didn’t. That inconsistency created an opening, and attackers took full advantage.
Why It Matters
The ICO originally planned to issue a £6 million fine but cut it in half due to the company’s cooperation during the investigation. Still, £3 million is a serious financial hit—and this doesn't account for the reputational damage or the operational chaos the attack caused.
Stories like this are evidence that cyber attacks can happen to any business, or to anyone.
What You Should Take From This
If your business stores customer data, handles payments, or relies on cloud software, this matters to you. Cybersecurity isn’t just a concern for big corporations or public sector providers. It’s a responsibility every business shares.
Here are some quick lessons to apply right now:
Use multi-factor authentication on all accounts, not just the obvious ones.
Regularly review who has access to what. Least privilege is a good policy.
Have an incident response plan. Practice it.
Make sure your backups are secure and regularly tested.
Train your team—human error is still the number one way attackers get in.
We're Here to Help
Our job as an MSP is to make sure our clients don’t end up in this kind of situation. We provide real-time monitoring, threat detection, secure backups, and practical advice that makes a real difference.
If you’re not sure whether your systems are secure, or if it has been a while since you have reviewed your security, get in touch. A conversation could save you a serious headache later.