August 7, 2024 at 02:54PM
The UK’s ICO has provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09M for failing to protect the personal information of tens of thousands in a ransomware attack. The breach impacted 83,000 people and various healthcare products. The final decision is pending Advanced’s response, potentially totaling $7.74 million.
From the meeting notes, here are the key takeaways:
– The UK’s Information Commissioner’s Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect personal information when it was hit by ransomware in 2022.
– The incident impacted hundreds of public and private entities, including NHS 111, and various healthcare products.
– The breach resulted in the exposure of personal information of nearly 83,000 people, including instructions on accessing homes for 890 people receiving care at home.
– The potential impact of the sensitive data exposure is significant, according to UK Information Commissioner John Edwards.
– Implementing fundamental security measures is vital in protecting sensitive data, and all organizations are expected to follow at least these minimal steps.
– The ICO’s fine of $7.74 million is still pending a final decision, contingent on Advanced’s response.
– If the fine remains at $7.74 million, the penalty will correspond to $93.3 per exposed person, which is considered very high.
Please let me know if you need further information or clarification.