The U.K.'s Information Commissioner’s Office has confirmed that NHS vendor Advanced will pay over £3 million following a ransomware attack in 2022. The fine, reduced from an initial £6 million, stems from failures to implement essential security measures, including multi-factor authentication. Hackers exploited these vulnerabilities, leading to the theft of personal information from tens of thousands of individuals. The attack caused significant disruption to NHS services. Advanced has accepted the penalty but did not provide a spokesperson for further comments.