DXS International, a U.K.-based provider of healthcare technology solutions for NHS England, has confirmed that it suffered a cyberattack potentially affecting sensitive data. The company revealed the incident on Thursday, following the discovery of unusual activity on its office servers on December 14.
In a statement filed with the London Stock Exchange, DXS said it acted quickly to contain the breach. The company worked closely with NHS England and hired an independent cybersecurity firm to investigate the full scope and nature of the attack. According to the filing, the breach caused minimal disruption to its operations. “There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational,” the filing said.
The exact details of the data compromised are not yet clear, and it is unknown whether patient medical records were accessed or stolen. DXS confirmed that it has informed both law enforcement and the U.K.’s data protection authority, the Information Commissioner’s Office (ICO), which is currently reviewing the information provided.
Earlier this week, the ransomware group DevMan claimed responsibility for the attack. In a post on its dark web site, the hackers listed DXS on December 14 and alleged that they had stolen 300 gigabytes of company data. The group has targeted multiple organizations in recent months, highlighting the growing threat of ransomware attacks on healthcare-related companies.
A spokesperson for NHS England, Katie Baldwin, said the health service is “not aware of any patient services being impacted” by the incident. While NHS clinical services appear operational, cybersecurity experts warn that any breach involving software providers touching patient data carries potential risks.
DXS International specializes in software designed to help doctors and primary care providers reduce operational costs. Its products often interact with patient records, and in some cases are hosted on the NHS’ Health and Social Care Network (HSCN). This network is a secure infrastructure that allows healthcare organizations across the U.K. to share and access patient information safely. Despite this connectivity, the NHS does not maintain a single, centralized repository of patient medical records.
The breach comes at a time when ransomware attacks targeting healthcare providers are increasing globally. Such attacks can cause financial losses, disrupt operations, and potentially expose sensitive patient information. By working with cybersecurity experts, law enforcement, and regulatory authorities, DXS aims to understand the impact of the breach and prevent further unauthorized access.
Steven Bauer, DXS chief operating officer, declined to answer detailed questions from reporters, instead providing a statement echoing the public filing. Similarly, the ICO confirmed that it is assessing the situation but declined to offer additional details.
Experts say that healthcare technology providers must maintain strong security practices, including regular system monitoring, employee training, and robust backup strategies. Even if patient-facing services remain uninterrupted, breaches of internal systems can still compromise sensitive administrative and clinical data.
This incident highlights the growing cybersecurity challenges faced by technology providers that serve critical infrastructure like the NHS. It underscores the importance of swift containment, transparent reporting, and collaboration with regulators. Authorities will likely continue monitoring DXS and similar organizations to ensure patient safety and maintain trust in the U.K.’s healthcare system.
For now, DXS is working to resolve the incident while NHS England continues to provide services without disruption. The situation serves as a reminder of the persistent cyber threats facing healthcare systems and the need for constant vigilance in protecting sensitive health data.
Cybersecurity analysts note that attacks on healthcare technology providers like DXS International are becoming more sophisticated. They often involve ransomware, data exfiltration, and targeted phishing campaigns aimed at employees.
While patient-facing services may remain uninterrupted, the theft of administrative or operational data can still pose long-term risks, including potential identity theft, regulatory penalties, and reputational damage for both the provider and NHS partners.
This incident reinforces the need for ongoing investment in cybersecurity defenses and proactive monitoring across all connected healthcare systems.
