Advanced, a major software provider to the United Kingdom’s National Healthcare Service (NHS), confirmed that the data of some customers were exfiltrated in a cyber attack.
Advanced identified the cyber attack on August 4, 2022. A week later, the company issued a statement saying the incident was caused by ransomware.
On October 13, Advanced released an update on the incident confirming that data of some customers were obtained and exfiltrated.
“We can confirm that the perpetrators of the attack, who were financially motivated in nature, were able to temporarily obtain a limited amount of information from our environment pertaining to approximately 16 of our Staffplan and Caresys customers. We have now notified each of those affected customers as the controllers of the exfiltrated data,” the update says.
The company says it recovered the limited amount of data obtained from its systems and believes that the likelihood of harm to individuals is low.
According to Advanced, there is no evidence to suggest that the obtained data exists elsewhere outside its control, but the company monitors the dark web.