DXS International, a prominent technology provider for the United Kingdom’s National Health Service, officially reported a cyberattack following a recent security breach. In a formal disclosure made to the London Stock Exchange, the company explained that the incident specifically targeted its office servers. The breach was first identified on December 14, prompting an immediate response from the organization to secure its digital infrastructure and protect its ongoing projects within the healthcare sector.
Upon discovering the unauthorized access, the company stated that it took swift action to contain the threat in close coordination with the National Health Service. To better understand the scope of the vulnerability, DXS International enlisted the expertise of a specialized cybersecurity firm to conduct a comprehensive investigation. This external team is currently working to determine the exact nature of the incident and evaluate how much sensitive information may have been compromised during the intrusion.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
Despite the severity of the situation, the company emphasized that its essential clinical services were not disrupted by the attack. The filing indicated that the impact on day-to-day business operations was kept to a minimum, ensuring that healthcare providers relying on their technology could continue their work without interruption. At this stage of the investigation, it remains unclear if any confidential patient medical records were accessed or removed from the company’s systems.
External reports have added a layer of complexity to the situation, as a ransomware collective known as DevMan has publicly claimed responsibility for the breach. The group posted a notice on its dark web site on the same day the breach was discovered, asserting that they managed to exfiltrate approximately 300 gigabytes of data. While the company has not yet confirmed the validity of these specific claims or the volume of data lost, the timing of the hackers’ post aligns with the company’s internal discovery of the event.
In compliance with legal and regulatory requirements, DXS International has notified several high-level authorities regarding the cyberattack. This includes reporting the incident to law enforcement agencies and the Information Commissioner’s Office, which serves as the data protection regulator for the United Kingdom. As the investigation continues, the company is working under the oversight of these regulators to ensure all necessary transparency and security protocols are followed to mitigate any further risks.