NHS Tech Provider DXS Confirms Data Breach

UK-based healthcare technology provider DXS International, a key supplier to NHS England, has confirmed a cyberattack on its systems. The incident, which the company says was discovered on December 14, has prompted an investigation, while the DevMan ransomware group has claimed responsibility, alleging the theft of 300 gigabytes of data.

DXS International, which provides essential healthcare technology for England's National Health Service (NHS), publicly disclosed the cyberattack in a statement filed with the London Stock Exchange on Thursday. The company reported discovering a "security incident affecting its office servers" on December 14. DXS stated it "immediately" contained the breach, working in collaboration with the NHS, and has engaged a specialized cybersecurity firm to investigate "the nature and extent of the incident." Despite the breach, the company asserted that there was "minimal impact on the company's services," with "front-line clinical services remain unaffected and operational."

While DXS has not yet confirmed the specific nature of the breach or whether any patients' medical information was compromised, a ransomware group identified as DevMan has taken credit for the attack. Earlier this week, TechCrunch observed a post on DevMan's dark web site, where the group claimed to have listed DXS International on December 14 and stolen 300 gigabytes of data from the company.

In response to the incident, DXS confirmed it has notified relevant law enforcement agencies and regulators, including the U.K.'s data protection authority, the Information Commissioner's Office (ICO). An NHS England spokesperson, Katie Baldwin, informed TechCrunch that the health service is "not aware of any patient services being impacted" by the breach. Representatives from DXS and the ICO did not immediately respond to further inquiries from TechCrunch.

DXS International's website states that it develops software designed to help reduce costs for doctors and primary care physicians. Given the nature of its services, the company's software inherently interacts with patient records and data. Furthermore, DXS indicates that some of its solutions are hosted on the NHS' Health and Social Care Network (HSCN), a secure system enabling healthcare organizations across the U.K. to access and share information. It's important to note that the NHS generally does not store patient medical data in a single, centralized system.