Seven-figure fine for NHS provider with lack of Multi Factor Authentication.

An NHS IT provider is facing a penalty of more than £6m following a cyber attack and theft of over 80,000 medical records - after failing to implement multi-factor authentication (MFA).

Following an almost two-year investigation, the Information Commissioner’s Office (ICO) found that 82,946 people’s records were stolen in a ransomware attack. The attack was carried out using an account which did not have MFA which would typically prevent and alert a user to any unauthorised attempts to access the account.

The ICO have initially imposed a fine of £6.09m following the attack which affected all four UK nations, saw healthcare professionals unable to access patient records and led to a major outage in the referral system used to refer 111 patients to out-of-hours GPs in Wales.

A seemingly minor safety measure, MFA requires users to provide more than a password to verify a login attempt. Invented in the late 1990s, MFA is often done using a mobile number or secondary email address and has become popular with some social networking apps requiring its use.

At ADNS we understand the importance of securing your digital assets. Our team specialises in implementing MFA solutions tailored to your specific needs. Let us assist you in finding the perfect MFA solution to fortify your business against cyber threats.