DXS International, a U.K.-based healthcare technology company serving England’s National Health Service, disclosed Thursday that it had experienced a cybersecurity incident.
In a filing with the London Stock Exchange, DXS said it identified on Dec. 14 a “security incident affecting its office servers.” The company stated it had “immediately” contained the breach with assistance from the NHS and a third-party cybersecurity firm, which it hired to investigate the scope and nature of the breach.
“There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational,” the filing said.
The company has not confirmed whether patient data was compromised. On the same day DXS discovered the breach, a ransomware group known as DevMan claimed responsibility for the incident, asserting on its dark web site that it had stolen 300 gigabytes of data from the company. TechCrunch reviewed the post.
DXS notified law enforcement and regulators, including the U.K. Information Commissioner’s Office (ICO), about the incident. Rashana Sweidan Vigerstaff, a spokesperson for the ICO, said the agency is assessing the information provided by DXS.
DXS Chief Operating Officer Steven Bauer declined to answer TechCrunch’s questions, instead issuing a statement consistent with the company’s public disclosure.
An NHS England spokesperson, Katie Baldwin, said the agency was “not aware of any patient services being impacted.”
According to its website, DXS provides software aimed at reducing costs for doctors and primary care providers, potentially interacting with patient data. Some of its services are hosted on the Health and Social Care Network, a communications system used by healthcare entities across the U.K.
The NHS does not store patient medical records in a centralized system.
