Nottingham Rehab Supplies (NRS) Healthcare breach exposes data of multiple UK Concils

Multiple UK councils have issued warnings regarding a potential breach of citizens' personal data following a ransomware attack on Nottingham Rehab Supplies (NRS) Healthcare, a supplier of health and care equipment to numerous local authorities across the UK. The ransomware attack, which occurred at the beginning of April 2024, resulted in the NRS website being taken offline. The company is currently in its "recovery phase."

Several UK local authorities have reported that NRS has informed them of the possible breach of residents' personal data:

• East Lothian Council stated on May 14 that specialist teams are investigating the extent of the attack but have not yet confirmed if any personal data was compromised.
• Waltham Forest Council indicated on May 16 that it is aware of a potential breach but has not confirmed the compromise of personal data. The council assured that it would contact the Information Commissioner’s Office (ICO) and affected individuals if residents' data is included in the breach.
• Camden Council also reported being affected by the attack but is currently unaware of whether personal data was accessed.
• Buckinghamshire Council confirmed on May 16 that personal data has indeed been breached. The council is collaborating with NRS Healthcare to determine the breach's extent and will directly contact affected clients. They have also informed the ICO.

The affected councils have advised residents to be vigilant against social engineering attacks, urging caution with unsolicited communications and reminding them that official visitors will carry branded identification badges.

No details are available about the number of affected individuals.