The Information Commissioner's Office (ICO) has provisionally imposed a fine of over £6 million on Advanced Computer Software Group after a 2022 ransomware attack that compromised the personal information of 82,946 individuals. The breach, which involved sensitive data such as medical records and home entry details for nearly 900 people, happened due to a lack of multi-factor authentication on a customer account. The attack disrupted critical NHS services, including NHS 111, forcing some medical practices to revert to pen and paper. The ICO stressed the importance of robust information security measures and noted that its findings are provisional, pending a response from Advanced. The incident highlighted significant failings in Advanced’s approach to data protection, putting an already pressured healthcare sector under further strain.