- NHS technology supplier DXS International hit by ransomware; minimal impact on clinical services
- Unknown group DevMan claims responsibility for theft of 300 GB of corporate data
- NHS providers have been exposed to ransomware before; Breach in 2022 led to £3.07M ICO fine
DXS International, a key supplier of technology to the National Health Service (NHS) in England, has revealed that it has suffered a ransomware attack at the hands of an unknown threat actor.
The company submitted a new report to the London Stock Exchange, stating that it had suffered a “security incident” affecting its office servers.
The attack was discovered on December 14 and has since been remediated. The company said it had called in third-party cyber security specialists to investigate and assess the damage and notified relevant authorities of the incident.
300 GB of stolen files
“There was minimal impact on the company’s services and the company’s frontline clinical services remain unaffected and operational,” the report concludes.
DXS did not share key details — what the nature of the attack was, who did it, or whether they stole any files in the process. However, TechCrunch says it found a rather unknown ransomware actor called DevMan claimed responsibility.
“In a posting on its dark web seen by TechCrunch, the hackers listed the company on December 14 and claimed to have stolen 300 gigabytes of data from the company,” the publication claims.
If the files haven’t been leaked to the dark web yet, it could mean that DevMan is trying to squeeze DXS for money.
This is not the first NHS provider to be hit by ransomware. Back in 2022, Advanced Computer Group suffered the same fate, but with more tangible consequences for the healthcare provider. The attack caused disruption to critical services at the time, including NHS 111, and meant some health workers were unable to access patient records. The stolen information included patient phone numbers, medical records and most of the access information for the homes of 890 people receiving home care.
In March 2025, the UK Information Commissioner’s Office (ICO) issued a fine of £3.07 million for the breach that exposed the personal information of 79,404.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
