DXS International, a U.K.-based healthcare technology company working with the National Health Service (NHS), has disclosed a cyberattack. In a filing with the London Stock Exchange on Thursday, the company said it discovered a “security incident affecting its office servers” on December 14. DXS noted that it immediately contained the breach with help from the NHS and brought in a cybersecurity firm to investigate the scale of the attack.
The company stressed that its frontline clinical services remain unaffected and operational, with minimal impact reported. However, the exact nature of the breach is still unclear, and it is not yet known if patients’ medical information was compromised. Earlier this week, a ransomware group known as DevMan claimed responsibility, saying it had stolen 300 gigabytes of data from DXS.
DXS confirmed it has notified law enforcement and regulators, including the Information Commissioner’s Office (ICO). A spokesperson for the ICO said the agency is assessing the information provided but did not give further details. NHS England also stated it is not aware of any patient services being disrupted by the incident.
DXS provides software that helps reduce costs for doctors and primary care providers, and its systems often interact with patient records. In some cases, its solutions are hosted on the NHS’ Health and Social Care Network, which allows healthcare organizations across the U.K. to share information. While the NHS does not store patient data in a centralized system, the breach raises concerns about the security of sensitive healthcare information.