DXS International Discloses Cybersecurity Breach Affecting NHS-Linked Systems
DXS International, a UK-based technology provider for the National Health Service (NHS), has reported a cybersecurity incident involving unauthorized access to its internal office servers on December 14. The company stated that the breach was contained and that its clinical services remained operational throughout, with no confirmed impact on NHS patient data—though investigations are ongoing.
While DXS does not hold central medical records, its software—used by GP practices and primary care networks—processes patient data for clinical decision support and referral management, handling approximately 10% of all NHS referrals in England. The company has notified the Information Commissioner’s Office (ICO) and is collaborating with NHS cybersecurity teams and external specialists to assess the incident’s scope.
The breach occurs amid growing concerns over cyberattacks targeting healthcare suppliers in the UK. Recent incidents, including the 2022 ransomware attack on Advanced—which disrupted NHS 111 services and forced staff to revert to manual processes—highlight the operational risks posed by third-party vulnerabilities. Last year’s attack on pathology provider Synnovis was linked to patient fatalities and widespread appointment cancellations.
Current UK cybersecurity regulations do not automatically extend mandatory security standards to third-party health IT suppliers like DXS. However, the government’s Cyber Security and Resilience Bill, introduced last month, aims to impose stricter requirements and potential fines on providers serving critical sectors, including healthcare.
Source: https://therecord.media/uk-nhs-tech-provider-dxs-discloses-hack
DXS International TPRM report: https://www.rankiteo.com/company/dxs-international-plc
Information Commissioner’s Office TPRM report: https://www.rankiteo.com/company/nhs-information-centre
"id": "dxsnhs1766066291",
"linkid": "dxs-international-plc, nhs-information-centre",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'NHS GP practices and primary '
'care networks across England',
'industry': 'Healthcare IT',
'location': 'United Kingdom',
'name': 'DXS International',
'type': 'Technology Company'}],
'data_breach': {'type_of_data_compromised': 'Patient data (unconfirmed)'},
'date_detected': '2023-12-14',
'description': 'DXS International, a British technology company whose '
'software is widely used throughout the National Health '
'Service (NHS), has disclosed a cybersecurity incident '
'affecting its internal systems. Unauthorized access to office '
'servers was detected on December 14.',
'impact': {'operational_impact': 'Clinical services remained operational',
'systems_affected': 'Internal office servers'},
'investigation_status': 'Ongoing',
'references': [{'source': 'London Stock Exchange Notice'}],
'regulatory_compliance': {'regulatory_notifications': 'Information '
'Commissioner’s Office '
'(ICO)'},
'response': {'communication_strategy': 'Notice to London Stock Exchange, '
'notification to ICO',
'containment_measures': 'Breach contained',
'third_party_assistance': 'External specialists, NHS '
'cybersecurity teams'},
'title': 'DXS International Cybersecurity Incident',
'type': 'Unauthorized Access'}