DXS International, a U.K.-based healthcare technology provider that works with England’s National Health Service, disclosed that it experienced a cyberattack affecting its internal systems, according to a statement published Thursday.
Incident Discovery And Initial Response
In a filing with the London Stock Exchange, DXS said it identified a security incident affecting its office servers on December 14. The company said it took immediate action to contain the incident in coordination with the NHS and engaged an external cybersecurity firm to investigate the scope and impact of the breach.
The filing said the incident caused minimal disruption to company operations and that front-line clinical services remained unaffected and operational.
Unclear Impact On Patient Data
DXS said it has not yet determined the specific nature of the breach. The company has not confirmed whether any patient medical information was accessed or taken during the incident.
Earlier this week, a ransomware group known as DevMan publicly claimed responsibility for the attack. In a post on its dark web site that TechCrunch reviewed, the group listed DXS on December 14 and claimed to have obtained 300 gigabytes of data from the company.
DXS has not publicly confirmed the ransomware group’s claims.
Regulatory And Law Enforcement Notifications
DXS said it has notified law enforcement authorities and regulators, including the U.K. Information Commissioner’s Office. The ICO is the country’s data protection authority.
Steven Bauer, DXS’s chief operating officer, did not respond directly to questions from TechCrunch and instead provided a statement that mirrored the company’s public disclosure.
Rashana Sweidan Vigerstaff, a spokesperson for the ICO, told TechCrunch that the regulator is reviewing the information submitted by DXS. The ICO did not provide additional details in response to follow-up questions.
NHS Response And Service Status
An NHS England spokesperson said the health service is not aware of any patient services being affected by the incident. The spokesperson said operations remain ongoing without reported disruption.
DXS Role Within The NHS Technology Ecosystem
DXS says its software is designed to help doctors and primary care physicians reduce costs. As part of that role, the company’s systems interact with patient records and healthcare data.
The company also states that some of its services are hosted on the NHS Health and Social Care Network, a shared system that allows healthcare organizations across the U.K. to access and exchange information.
The NHS generally does not store patient medical records in a single centralized database, with data typically held across multiple systems and providers.
Featured image credits: Rawpixel
For more stories like it, click the +Follow button at the top of this page to follow us.