DXS International, a UK-based company that provides healthcare technology to the UK National Health Service (NHS), disclosed the cyberattack in a statement on Thursday.
In a filing to the London Stock Exchange, the company said it had experienced a “security incident impacting its office servers” that was discovered on December 14. The company said it was working with the NHS to “immediately” stop the breach and had hired a cybersecurity firm to investigate “the nature and scope of the incident”.
“The impact on the company's services has been minimal, and the company's front-line clinical services continue to operate unaffected,” the filing said.
At this time, it is unclear what the specific nature of the breach was or whether patient medical information was stolen.
However, earlier this week, a ransomware group called DevMan was admitted to be responsible for the breach. In a post on the company's dark web site seen by TechCrunch, the hackers claimed to have taken the company public on December 14th and stole 300 gigabytes of data from the company.
DXS said it had also notified law enforcement and regulators, including the UK's data protection authority, the Information Commissioner's Office (ICO), about the cyberattack.
Contact Us Want more information about the breach at DXS International? You can contact Lorenzo Franceschi-Bicchierai securely from a non-work device on Signal (+1 917 257 1382) or on Telegram and Keybase @lorenzofb or by email.
NHS England spokeswoman Katie Baldwin told TechCrunch that the health service is “not aware of any patient services being affected.”
Representatives for DXS and ICO did not immediately respond to a series of questions sent by TechCrunch.
DXS says on its website that it provides software that helps physicians and primary care physicians reduce costs. As such, the company's software impacts patient records and data. The company also said that in some cases its solutions are hosted on the NHS Health and Social Care Network (HSCN), a system for healthcare providers across the UK to access and share information.
Generally, the NHS does not store patient medical data in centralized systems.