Advanced Fined £3M For Cyberattack That Exposed Data Of 79,000 NHS Patients

Image by Ian Taylor, from Unsplash


  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

A major NHS software supplier was fined £3.07 million for failing to implement proper security measures before a 2022 ransomware attack that exposed the personal data of 79,000 people, as confirmed by the U.K.’s data protection regulator, the Information Commissioner’s Office (ICO).

In a rush? Here are the quick facts:

  • Hackers exploited missing multi-factor authentication, stealing data from nearly 79,000 people.
  • NHS 111 and patient records access were disrupted due to the breach.
  • ICO initially proposed a £6.09M fine but reduced it after Advanced cooperated.

The ICO penalised Advanced Computer Software Group Ltd (Advanced) for violating data protection regulations because multi-factor authentication (MFA) was not fully implemented across its systems.

The attackers took advantage of this security weakness to break into the company’s health and care subsidiary, steal sensitive data and disrupt NHS 111 services, as noted by the ICO.

John Edwards, the UK’s Information Commissioner, expressed his disappointment about the security weaknesses found in Advanced’s subsidiary operations.

“While Advanced had installed multi-factor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of people’s sensitive personal information at risk,” he stated, as reported by the ICO.

“People should never have to think twice about whether their medical records are in safe hands. To use services with confidence, they must be able to trust that every organisation coming into contact with their personal information – whether that’s using it, sharing it or storing it on behalf of others – is meeting its legal obligations to protect it,” he added.

The LockBit ransomware group carried out the attack, which caused extensive system outages throughout the network. Healthcare workers lost access to patient records, and the home entry details of 890 people receiving home care were exposed to unauthorized parties, as reported by the BBC.

The ICO had first set the fine at £6.09 million before reducing it due to Advanced’s cooperation with law enforcement and cybersecurity agencies such as the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

The company accepted the ICO decision without contestation and chose not to file an appeal.

Open-Source Projects Struggling With AI Crawlers Overloading Their Systems

Image by Matt Wildbore, from Unsplash


  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

AI-powered web crawlers have emerged as a major threat to open-source software communities, causing widespread disruptions to their infrastructure.

In a rush? Here are the quick facts:

  • AI-powered web crawlers are overwhelming open-source software communities, causing severe disruptions.
  • Some open-source projects report that up to 97% of traffic comes from AI bots.
  • Projects are deploying AI-specific blocklists, but bots quickly adapt, continuing disruptions.

Popular repositories face resource strain from these bots, which AI companies deploy to collect training data for language models, and the strain is slowing down development, as first reported by Ars Technica.

Drew DeVault from SourceHut described the crawlers’ destructive effects in a blog post. These AI bots circumvented the instructions in the robots.txt file, which direct crawlers to avoid certain pages, and caused major outages on the SourceHut platform.

The crawlers targeted specific endpoints such as git logs and commits, using random IP addresses to disguise their activity as normal user traffic. These methods made effective blocking impossible, leading to extended delays in project work and service disruptions for users.

KDE’s GitLab infrastructure suffered a temporary outage caused by bots originating from Alibaba’s IP range. GNOME and other open-source projects suffered identical attacks, so they deployed Anubis, a system that requires bots to complete computational challenges before they are granted access to the site, as reported by LibreNews.

The “nuclear option” introduced by Anubis resulted in increased wait times for actual users who encountered significant traffic growth in GNOME’s merge requests, reported LibreNews.

Ben, who works as KDE’s sysadmin, observed that the bots disguised their identity using Microsoft Edge user agents to mimic real users and evade detection among legitimate traffic. The Fedora team reacted by cutting off all Brazilian web traffic to stop further disruptions, says LibreNews.

The report by LibreNews indicates that many open-source projects now experience 97% of their web traffic coming from AI companies’ crawlers. Open-source projects face increasing challenges because bandwidth expenses continue to grow while system maintainers face rising pressure to maintain smooth operations.

Open-source projects currently use blocklists and AI-specific user agent filtering as emergency solutions, yet bot adaptations consistently render these methods ineffective.

The rising problem of AI crawlers reveals how open-source projects become exposed to threats because they depend on public infrastructure and volunteer support.

Open data benefits AI companies, yet their extreme data scraping practices end up damaging the systems that enable open internet accessibility.