Tech provider for NHS England confirms data breach

DXS International, a U.K.-based company that provides healthcare tech for England’s National Health Service (NHS), disclosed a cyberattack in a statement on Thursday.

“There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational,” read the filing.

At this point, the specific nature of the breach is not known, nor whether any patients’ medical information was stolen.

However, earlier this week, a ransomware group called DevMan took credit for the breach. In a post on its dark web site, which TechCrunch has seen, the hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data from the company.

DXS said it also notified law enforcement and regulators, including the UK’s data protection authority, the Information Commissioner’s Office, or ICO, about the cyberattack.

DXS chief operating officer Steven Bauer did not respond to a series of questions. Instead, Bauer sent TechCrunch a statement echoing the public filing.

Rashana Sweidan Vigerstaff, a spokesperson for the ICO, told TechCrunch that the ICO is assessing the information provided by DXS, while also not responding to several questions.

NHS England spokesperson Katie Baldwin told TechCrunch that the health service is “not aware of any patient services being impacted.”

Generally speaking, the NHS does not store patient’s medical data in a centralized system.

Updated with responses from DXS and the ICO.