DXS International, a software supplier to the NHS, has confirmed a cyber attack on its internal systems. It's a smaller story than some — and that's precisely why it's instructive.

What happened

As reported by IT Pro, DXS International disclosed that attackers hit its internal systems. The supplier stated that front-line clinical services were unaffected and that it was investigating and responding to the incident. Details were limited at disclosure, which is common in the early days of any breach.

Why it matters to you

Every organisation depends on suppliers — for software, payroll, IT, logistics, professional services. When one of those suppliers is breached, the disruption and data exposure can flow straight to you, even if your own systems are perfectly secure. This "supply-chain" risk is one of the most under-managed exposures for small and mid-size organisations, who often have little visibility of how well their suppliers protect data.

What to do

  • Know your critical suppliers — list the ones whose failure would genuinely hurt your operations or expose your data.
  • Ask about their security — Cyber Essentials certification, MFA, backups and breach-notification commitments are fair questions before and during a contract.
  • Plan for a supplier outage — what's your fallback if a key system or supplier goes dark for a week?
  • Limit shared data — only give suppliers the data and access they actually need.

Mapping supplier risk is something we help clients do as part of building real resilience.

Source: NHS supplier DXS International confirms cyber attack — IT Pro