DXS International, a technology supplier to England’s National Health Service (NHS), has officially confirmed a cyber-attack on its systems. The incident, which was discovered on December 14, affected the company’s office servers.
In a filing to the London Stock Exchange on December 18, DXS International stated that the attack had a “minimal impact on the company’s services” and emphasized that “front-line clinical services remain unaffected and operational.” The company does not currently anticipate an adverse financial impact as a result of the incident.
Incident Response and Investigation
Upon discovering the breach, DXS reported taking immediate action to contain the incident. The company initiated an investigation in collaboration with NHS England and an external cybersecurity specialist agency.
DXS also confirmed that it had notified relevant authorities, including the Information Commissioner’s Office (ICO) and various NHS bodies, in accordance with regulatory procedures.
Threat Actor Claim: Devman
The confirmation of the attack follows claims made by a threat actor known as Devman. On December 14, Devman listed DXS on their data leak site, claiming to have stolen 300GB of data from the company. The threat actor subsequently threatened to release the stolen data on December 20.
As of the public filing, neither DXS nor the NHS has confirmed the data theft claim made by Devman.
Conclusions
The incident highlights the ongoing cybersecurity challenges faced by suppliers to critical infrastructure, such as healthcare systems. While DXS International reports minimal impact on operational services, the investigation into the claims of data exfiltration by the threat actor Devman continues.