DXS International, a U.K.-based healthcare technology provider for England’s National Health Service, disclosed a cyberattack in a statement on Thursday. In a filing with the London Stock Exchange, the company stated it experienced a security incident affecting its office servers, which was discovered on December 14. The company said it immediately contained the breach in collaboration with the NHS and hired a cybersecurity firm to investigate the nature and extent of the incident.
The filing noted there was minimal impact on the company’s services and that its frontline clinical services remain unaffected and operational. At this point, the specific nature of the breach is not known, nor is it confirmed whether any patient medical information was stolen.
However, earlier this week a ransomware group called DevMan claimed responsibility for the breach. In a post on its dark web site, the hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data from DXS International.
The company stated it has notified law enforcement and regulators, including the U.K.’s data protection authority, the Information Commissioner’s Office. An NHS England spokesperson said the health service is not aware of any patient services being impacted.
Representatives from DXS and the ICO did not immediately respond to a series of questions. According to its website, DXS provides software designed to reduce costs for doctors and primary care physicians. This software interacts with patient records and data. The company also notes that in some cases its solutions are hosted on the NHS Health and Social Care Network, a system for healthcare organizations across the U.K. to access and share information. Generally, the NHS does not store patient medical data in a centralized system.