- DXS International, a technology supplier to the National Health Service, has fallen victim to ransomware. Reduce impact on clinical services
- Anonymous group DevMan claims that 300 GB of company data has been stolen.
- NHS providers have faced ransomware before. ICO fined £3.07m for breaches in 2022
DXS International, a key technology supplier to the UK National Health Service (NHS), said it has been hit by a ransomware attack from an unknown attacker.
The company has submitted a new report to the London Stock Exchange saying it has suffered a “security incident” that affected its office servers.
The attack was discovered on December 14 and has been reported since then. The company said it hired an external cybersecurity expert to investigate and assess the damage and reported the incident to the relevant authorities.
300 GB files were stolen
“The impact on the company’s services has been minimal and the company’s frontline clinical services are operating unchanged,” the report said.
DXS did not share key details, including the nature of the attack, who carried it out, or whether any files were stolen in the attack. But, technical crisis An unknown ransomware attacker named DaveMan was reportedly responsible for the attack.
“In a post on the company’s dark site seen by TechCrunch, the hackers went public on December 14 and said they stole 300GB of data from the company,” the post said.
If the files have not yet been leaked on the dark web, it could mean that DevMan is trying to extort money from DXS.
This is not the first time an NHS provider has fallen victim to ransomware. By 2022, Advanced Computer Group suffered the same fate, but with more concrete results for healthcare providers. The attack disrupted vital services, including NHS 111, leaving some medical staff unable to access patients’ records. The stolen information included patients’ phone numbers, medical records and, most importantly, home access information for 890 home care recipients.
In March 2025, the UK Information Commissioner’s Office (ICO) imposed a fine of £3.07 million for a breach that exposed the personal data of 79,404 people.
