DXS International, a UK-based company that provides healthcare technology for England’s National Health Service (NHS), disclosed a cyber attack in a statement on Thursday.
On deposit with the London Stock Exchange, the company said it experienced a “security incident affecting its back office servers,” discovered on Dec. 14. The company said it “immediately” contained the breach in partnership with the NHS and hired a cyber security firm to investigate “the nature and extent of the incident”.
“There has been minimal impact on the company’s services, and the company’s frontline clinical services remain unaffected and operational,” the filing said.
At this point, the specific nature of the breach is not known, nor if patient medical information was stolen.
However, earlier this week, a ransomware group called DevMan took credit for the breach. In a post on its dark web site seen by TechCrunch, hackers targeted the company on December 14 and claimed to have stolen 300 gigabytes of data from the company.
DXS said it has also notified law enforcement and regulators, including the UK’s data protection authority, the Information Commissioner’s Office, or ICO, about the cyber attack.
Contact us
Do you have more information about the breach at DXS International? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or via email.
DXS CEO Steven Bauer did not respond to a series of questions. Instead, Bauer sent TechCrunch a statement echoing the public filing.
Rashana Sweidan Vigerstaff, a spokesperson for the ICO, told TechCrunch that the ICO is evaluating the information provided by DXS, while also not answering many questions.
NHS England spokeswoman Katie Baldwin told TechCrunch that the health service is “not aware that patient services are being affected”.
On him websiteDXS says it provides software that helps reduce costs for physicians and primary care physicians. Therefore, the company’s software touches patient records and data. The company also says that in some cases, its solutions are hosted on the NHS Health and Social Care Network (HSCN), which is a system for healthcare organizations across the UK to access and share information.
In general, the NHS does not store patient medical data in a central system.
Updated with responses from DXS and ICO.
