This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

If you have comments on this blog posting, please email me .

The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.

Click here to see the whole Opinion Blog.

To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").

Bad Publicity for NHS IT Supplier.

Posted on 15th August 2022

Show only this post
Show all posts in this thread (Cybersecurity).

This BBC report is a really bad advertisement for the company involved, Advanced.

Advanced, which provides digital IT services to the NHS (UK National Health Service), has been hit by a ransomware attack. There is a chance (not yet confirmed) that NHS data including patient data, has been stolen in the attack. Although ransomware attacks do not usually steal data, the security vulnerabilities that allowed the ransomware attack could also be used by hacker organisations wanting to steal data.

The NHS relies on all of its suppliers of services and products to ensure the security and reliability of its services and data, and it only takes one weak link in the chain to compromise potentially everything.

This is not only very bad publicity for Advanced, but also (as if we needed any more proof - governments and their agencies are notorious for their poor protection of sensitive data) shows that the NHS is not taking cybersecurity seriously. Advance should be better protected, and the NHS have clearly failed in their duty of due diligence, which is something that needs to happen not only when suppliers are selected, but also continuously thereafter.