DXS International discloses cyberattack on office servers, NHS services unaffected

DXS International, a U.K.-based healthcare technology company that supplies software to England’s National Health Service, has disclosed a cyberattack affecting its office servers that was discovered on Dec. 14, the company said in a regulatory filing released Thursday.

The incident prompted immediate containment measures carried out in coordination with the NHS, and a cybersecurity firm was engaged to investigate the nature and scope of the breach. The company said the attack had minimal impact on its operations and confirmed that front-line clinical services remained fully operational.

DXS informed law enforcement authorities and relevant regulators, including the United Kingdom’s data protection regulator, the Information Commissioner’s Office, shortly after identifying the incident. The company said its response actions were taken promptly following discovery of the breach.

The specific method of intrusion has not been disclosed, and the company has not confirmed whether any patient medical information was accessed or exfiltrated. An external ransomware group identifying itself as DevMan has publicly claimed responsibility for the attack and asserted that it obtained approximately 300 gigabytes of data from DXS systems. The company has not verified those claims.

DXS International develops and provides healthcare software designed to support doctors and primary care practices by improving efficiency and reducing operational costs. Its products interact with patient records and clinical data, and some of its solutions are hosted on the NHS Health and Social Care Network, a secure platform used by healthcare organizations across the United Kingdom to share information.

The Information Commissioner’s Office acknowledged receipt of information from DXS and said it is assessing the details provided as part of its regulatory review process. NHS England said it is not aware of any disruption to patient services linked to the incident.

DXS chief operating officer Steven Bauer issued a statement consistent with the company’s public filing and did not provide additional details beyond those already disclosed.

The NHS does not maintain patient medical records in a single centralized database, with data typically stored across multiple systems managed by individual healthcare providers.