Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months.
The attack was first noted August 4 when Advanced promptly pulled a portion of its infrastructure offline to contain the spread of infection to other systems. As such, a range of sites hosted for clients were unavailable.
In an incident update yesterday, Advanced confirmed that the “perpetrators of the attack, who were financially motivated in nature, were able to temporarily obtain a limited amount of information from our environment pertaining to 16 of our Staffplan and Caresys customers.”
Advanced has now informed those customers, as is its legal duty, of the “exfiltrated data.” The company’s incident update says no data was taken from the other products it hosts, and it has “recovered the limited amount of data” that the crooks swiped from the infected systems.
