NHS vendor Superior pays simply over £3 million ($3.8 million) in fines for not implementing fundamental safety measures earlier than it suffered a ransomware assault in 2022, the U.Okay.’s information safety regulator has confirmed. 

It’s half the high-quality that the Info Commissioner’s Workplace had initially sought in August 2024, when the info watchdog mentioned it was going to high-quality Superior greater than £6 million for its safety failings. 

The ICO mentioned Wednesday that Superior “broke information safety legislation” by not absolutely rolling out multi-factor authentication previous to its breach, which allowed hackers to interrupt in with stolen credentials and steal the non-public info of tens of 1000’s of individuals throughout the UK.

The LockBit ransomware assault on Superior brought on widespread outages across the NHS, together with affected person information techniques that Superior maintains on behalf of the NHS. 

In an announcement, Superior confirmed that it had settled the matter. Superior declined to call a spokesperson when requested by TechCrunch.