The Target: Advanced Computer Software Group, a provider of IT and software services to the U.K.’s National Health Service (NHS) and other healthcare organizations.
The Take: The data breach affected 82,946 people, with sensitive information being exfiltrated, including medical records, phone numbers, and access details to the homes of 890 individuals receiving care at home.
The Vector: The incident, which occurred in August 2022, involved a ransomware attack that accessed systems via an account lacking multi-factor authentication.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.