NHS GP software supplier hit by cyber attack

DXS International which provides healthcare technology for the NHS has disclosed a cyber attack, which has led to data being stolen.

The UK-based company provides software that helps to reduce costs for doctors and primary care physicians and is used by around 2,000 GPs which oversee the care of around 17 million patients.

In a filing with the Stock Exchange, published on 18 December 2025, the company said it had discovered “a security incident affecting its office servers,” on 14 December.

DXS said that it had immediately contained the breach working together with the NHS, and had notified law enforcement and regulators, including the Information Commissioner’s Office about the attack.

“There was minimal impact on the company’s services and the company’s front-line clinical services remain unaffected and operational,” the filing adds.

DXS said that it has hired a cybersecurity firm to investigate “the nature and extent of the incident.”

Ransomware group DevMan took credit for the breach earlier this week in a post on its dark web site, seen by TechCrunch, in which the hackers claim to have stolen 300 gigabytes of data from the company.

An spokesperson for NHS England spokesperson told Digital Health News: “We, along with the National Cyber Security Centre and law enforcement partners, are working with an NHS supplier who is investigating a cyber incident. We are not aware of any patient services being impacted.”

Commenting on the attack, cybersecurity expert Saif Abed, founding partner and director at The AbedGraham Group, said: “It’s too early to speculate about the circumstances of this breach but once again the NHS supply chain is under the spotlight.

“The government needs to strengthen oversight and requirements for suppliers and a critical way to do this is to start with a root and branch inquiry into the state of NHS cybersecurity and patient safety.”

The incident follows a cyber attack on Barts Health NHS Trust, which led to personal patient and staff information being posted on the dark web after a criminal group, known as Cl0p, exploited a loophole in the Oracle E-business Suite software.

Meanwhile, pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack in June 2024, which led to a patient death and disrupted services throughout London.

In November 2025, the Cyber Security and Resilience Bill was introduced in Parliament to help protect the NHS and other sectors from the threat of cyber attacks.

Around 1,000 service providers will fall in the scope of measures, which will require third-party suppliers to boost their cyber security to minimise the possible impact of cyber attacks and improve their data protection and network security defences.