Summary

The UK data watchdog is set to fine NHS vendor Advanced for security failures that occurred before the LockBit ransomware attack. These security lapses contributed to the vulnerability exploited during the attack.

The cyber attack had extensive repercussions, impacting the systems for dispatching ambulances, booking out-of-hours appointments, and issuing emergency prescriptions.

In a provisional ruling, the ICO stated that the software provider violated data protection laws by failing to secure personal information for 82,946 individuals.

These records were stolen in a ransomware attack by hackers who accessed Advanced's computer systems through an account that lacked multi-factor authentication (MFA).

Typically, MFA would have prevented cyber criminals from using stolen passwords to gain access.

The stolen data included sensitive information such as phone numbers, medical records, and details on how to access the properties of 890 people receiving home care.

Read more

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified

Home

Discover our latest articles

View All Blog Posts
March 12, 2025
Clinical Trials
Biotech & Healthtech
Data Transfers
Regulations & Guidelines
Clinical Trial Sponsor

Navigating Privacy Requirements for Clinical Trials Across Jurisdictions: Focus on China

China’s data protection regulations play a crucial role in clinical trials, requiring sponsors and researchers to comply with multiple laws, including the PIPL, GCP-2020, and cross-border data transfer rules. Unlike other jurisdictions, China imposes strict consent requirements, risk assessments, and regulatory filings, making compliance a key factor when selecting trial locations and managing participant data.

October 14, 2024
Clinical Trials
Guideline

Analyzing the Similarities and Differences Between ICH-GCP and GDPR in Clinical Trials

ICH-GCP and GDPR are vital for clinical trials, setting standards for participant protection and data integrity, with distinct focuses and enforcement approaches.