Ransomware attack on NHS technology provider DXS International exposes patient data

DXS International, a British technology company providing software solutions to England's National Health Service (NHS), reports a cybersecurity incident affecting its internal office servers on December 14, 2025. 

The company supports approximately 10% of all NHS referrals in England and processes workflows for millions of registered patients. 

DXS contained the breach and notified the Information Commissioner's Office (ICO), law enforcement, and NHS cybersecurity teams. A ransomware group known as DevMan claimed responsibility for the attack, claiming that they had stolen 300 gigabytes of data from the company.

The exposed data types and number of affected individuals are not disclsoed. At present, there is no confirmation whether NHS patient data was accessed or stolen. DXS is not a core electronic health record provider and does not maintain central medical records, but patient data flows through some of its systems used to deliver clinical guidance to healthcare providers. 

NHS England has stated it is not aware of any patient services being impacted by the breach, and the ICO is assessing the information provided by DXS.