Home > Security > Security News

NHS Tech Provider DXS International Confirms Data Breach Claimed by DevMan Ransomware Group

Published on December 19, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Healthcare Data Breach Email Nurse
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google

Key Takeaways

DXS International, a U.K.-based healthcare technology provider serving the National Health Service (NHS), has officially disclosed a cybersecurity incident affecting its office servers. This incident highlights the growing vulnerability of third-party vendors within NHS England's critical infrastructure, as it has been hit by breaches before.

DXS International Filing

In a regulatory filing with the London Stock Exchange, the company revealed that it detected a DXS International data breach on December 14. NHS England is “not aware of any patient services being impacted,” NHS spokesperson Katie Baldwin has told TechCrunch.

DXS software is used by primary care physicians to reduce costs and interacts with patient records, but does not appear to store patient medical data.

DevMan Ransomware Group Claims Responsibility

While DXS International has not publicly attributed the attack to a specific actor, TechCrunch reported a ransomware gang known as DevMan has taken credit for the intrusion. On their dark web leak site, the group listed DXS as a victim and claimed to have exfiltrated approximately 300 gigabytes of sensitive data. 

At this stage, it remains unverified whether this stolen dataset includes patient medical records or strictly corporate data. 

Company Response and Investigation

DXS International’s filing said that the company’s frontline clinical services remain operational and unaffected, that it has notified relevant regulatory bodies, including the Information Commissioner’s Office (ICO), and that it is cooperating with law enforcement. 

The DevMan ransomware group claimed an Elematec Corporation breach and a Feel Four breach with Qilin this year.

In August 2024, NHS vendor Advanced was slapped with a £6 million fine for poor cybersecurity related to the 2022 LockBit attack, while a major NHS Professionals security breach that was never published revealed concerning vulnerabilities this year.

Add a Comment
Related
Healthcare industry, a target for cyberattackers
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
mobile hacker
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
Over 1,100 Hours of Terrorist Audio Propaganda Found in 17,000 URLs Across 40 Online Platforms
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Laptop Spark Vulnerability
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation
Most Popular
Healthcare industry, a target for cyberattackers
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
mobile hacker
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
Over 1,100 Hours of Terrorist Audio Propaganda Found in 17,000 URLs Across 40 Online Platforms
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Laptop Spark Vulnerability
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
Over 1,100 Hours of Terrorist Audio Propaganda Found in 17,000 URLs Across 40 Online Platforms
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation

Most Popular
Healthcare industry, a target for cyberattackers
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
mobile hacker
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
Over 1,100 Hours of Terrorist Audio Propaganda Found in 17,000 URLs Across 40 Online Platforms
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Laptop Spark Vulnerability
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
Over 1,100 Hours of Terrorist Audio Propaganda Found in 17,000 URLs Across 40 Online Platforms
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: