DXS Worldwide which supplies healthcare expertise for the NHS has disclosed a cyber assault, which has led to information being stolen.
The UK-based firm supplies software program that helps to scale back prices for docs and first care physicians and is utilized by round 2,000 GPs which oversee the care of round 17 million sufferers.
In a submitting with the Inventory Trade, revealed on 18 December 2025, the corporate stated it had found “a safety incident affecting its workplace servers,” on 14 December.
DXS stated that it had instantly contained the breach working along with the NHS, and had notified legislation enforcement and regulators, together with the Info Commissioner’s Workplace concerning the assault.
“There was minimal impression on the corporate’s providers and the corporate’s front-line medical providers stay unaffected and operational,” the submitting provides.
DXS stated that it has employed a cybersecurity agency to analyze “the character and extent of the incident.”
Ransomware group DevMan took credit score for the breach earlier this week in a put up on its darkish website, seen by TechCrunch, by which the hackers declare to have stolen 300 gigabytes of knowledge from the corporate.
An spokesperson for NHS England spokesperson instructed Digital Well being Information: “We, together with the Nationwide Cyber Safety Centre and legislation enforcement companions, are working with an NHS provider who’s investigating a cyber incident. We’re not conscious of any affected person providers being impacted.”
Commenting on the assault, cybersecurity professional Saif Abed, founding companion and director at The AbedGraham Group, stated: “It’s too early to take a position concerning the circumstances of this breach however as soon as once more the NHS provide chain is beneath the highlight.
“The federal government must strengthen oversight and necessities for suppliers and a essential means to do that is to begin with a root and department inquiry into the state of NHS cybersecurity and affected person security.”
The incident follows a cyber assault on Barts Well being NHS Belief, which led to private affected person and employees data being posted on the darkish net after a legal group, often known as Cl0p, exploited a loophole within the Oracle E-business Suite software program.
In the meantime, pathology provider Synnovis is contacting NHS organisations which had information stolen and revealed on-line following a significant cyber assault in June 2024, which led to a affected person dying and disrupted providers all through London.
In November 2025, the Cyber Safety and Resilience Invoice was launched in Parliament to assist defend the NHS and different sectors from the specter of cyber assaults.
Round 1,000 service suppliers will fall within the scope of measures, which would require third-party suppliers to spice up their cyber safety to minimise the potential impression of cyber assaults and enhance their information safety and community safety defences.
