Page Outsourcing says “changing lives is at the heart” of what it does. Lovely. Then it points to “our customer” OneAdvanced, a software company talking about “Better Technology”, “Bettering Society”, “responsible innovation”, “removing barriers” and “widening access to opportunities”. Beautiful little values buffet. Then the ICO file walks in wearing steel-capped boots: ransomware, NHS 111 disruption, sensitive personal data taken, medical records exposed, and home-entry details for people receiving care at home caught in the blast radius. Funny how the ICO can find its fucking boots when the scandal is big enough. When a disabled claimant asks why Page buried his DSAR under redactions and then did fuck all meaningful after being told to do more, the watchdog turns into a suggestion box with a logo.
The Page Connection
PageGroup has used OneAdvanced as a customer story.
That is the hook.
Not a tobacco client profile. Not a fintech hiring trophy. Not a chemical shared-services centre with bones under the archive floor. This one is a customer-story handshake: Page standing beside OneAdvanced and presenting the relationship as another polished little proof point in the corporate shop window.
Break barriers. Support customers. Deliver value. Smile for the brochure.
Fine.
TCAP is not reading it like a sales deck. TCAP is reading it like someone who has learned that every Page trophy needs turning over, because something usually crawls out from underneath and starts coughing up paperwork.
And OneAdvanced has a hell of a file.
Break Barriers, Then Break NHS 111
OneAdvanced, through Advanced Computer Software Group and its related health and care software business, ended up in the ICO’s ransomware file after a 2022 attack that disrupted NHS and social care services.
NHS 111 was affected. Other urgent and mental-health services were affected. Sensitive personal data was involved. The ICO’s provisional announcement said personal information relating to 82,946 people was affected. Later reporting on the final penalty said personal information belonging to 79,404 people was taken, including details for gaining entry to the homes of 890 people receiving care at home.
Read that slowly.
Medical records.
Phone numbers.
Home-access details.
Care recipients.
NHS disruption.
That is not a fucking software wobble. That is a crowbar through the care system.
The Ransomware Crowbar
The ICO said hackers accessed health and care systems through a customer account that did not have multifactor authentication.
A customer account.
No MFA.
A health and care software provider.
You could almost hear the cyber-security people screaming into their lanyards.
The attack disrupted critical services, including NHS 111. The Guardian reported a leaked NHS England memo saying a number of NHS services had software taken offline and that this created a significant challenge for those services.
That is the kind of line that should make every NHS contractor sit very still and stare at the floor.
Because when health systems go down, the damage is not abstract. It is not just uptime metrics, incident tickets and some poor IT bastard sweating into a Teams call. It is patients, clinicians, call handlers, urgent care, mental-health providers, care workers and people already living close to the edge being asked to function around a digital crater.
OneAdvanced did not just get a bad headline.
It got the kind of headline that smells like panic in a hospital corridor.
The Home-Key Horror
The home-entry detail is the bit that makes the stomach turn.
Personal data taken in the incident reportedly included details on how to gain entry to the homes of 890 people receiving care at home.
That is not just data.
That is a fucking keyhole.
That is the line between a care visit and a nightmare. The bit of information that exists because vulnerable people need help, not because some software company’s defences should let ransomware scum rummage through the cupboard.
Names and phone numbers are bad enough. Medical records are bad enough. But home-entry information for care recipients has a special stench.
It is not just privacy.
It is safety.
It is dignity.
It is someone’s front door.
The ICO Can Move When It Wants To
This is where TCAP starts laughing, and not in a healthy way.
Because the ICO managed to find OneAdvanced when NHS 111 went down and the headlines started bleeding. Good. It should have. Health data, care data and home-entry information are serious. A ransomware attack on systems used by health and social care is not a paperwork hiccup. It is a digital brick through the window of public care.
So yes, regulator, well done. Gold star. You found your boots.
But TCAP has its own ICO experience.
A disabled claimant asks whether Page’s DSAR redactions were excessive. Whether disclosure was being used to bury disability-discrimination evidence. Whether Page had actually done what it was told to do. Page was told to do more. Page did fuck all of substance. The ICO accepted the shrug and wandered off like a mall cop at a house fire.
That is the bit that stinks.
When the scandal is large enough to threaten the wallpaper, the ICO becomes a watchdog.
When the person asking is one disabled claimant holding a file full of black marker and bullshit, suddenly the state becomes very calm, very procedural and very fucking useless. These cunts make a snail look like Usain Bolt.
Selectively enforcing what they are supposed to watchdog?
Get in the sea.
Diversity Sermons And Cyber Smoke
Page loves selling diversity when it makes the brochure look less dead behind the eyes. Wider talent pools. Better teams. Fresh thinking. Women in tech. Inclusion. Better outcomes. All the tidy little recruitment hymns they sing when there is an invoice to bless.
Fine.
Then explain OneAdvanced.
Explain how a Page customer story sits beside a ransomware attack that disrupted NHS and social care services. Explain the medical data. Explain the home-entry details. Explain the ICO penalty. Explain how the “break barriers” crowd ended up with the wrong fucking barriers broken.
Maybe if Page’s shiny recruitment machine actually built the kind of robust, diverse, challenge-heavy cyber culture it sells in its own marketing fog, OneAdvanced would not have ended up in the ransomware ward with NHS 111 coughing into a paper bag.
But that is Page all over.
When diversity pays, it is strategy.
When a disabled claimant asks what Page has hidden under a tarpaulin of redactions, suddenly the machine forgets every sermon it ever sold.
They did it to me. They hid it from me. Then the ICO held the coats while everyone pretended the black marker was normal.
So yes, TCAP is crossing the line.
Page crossed it first.
TCAP is just bringing a torch.
Kangaroo Paperwork Department
Let’s not dress this up.
The ICO experience, from this side of the counter, looked like another kangaroo paperwork department with a nicer website.
Not justice.
Not enforcement.
Not meaningful pressure.
A polite little loop where a claimant gets told the organisation should do more, the organisation does barely anything meaningful, and the watchdog decides that the sound of corporate shuffling is close enough to compliance.
That is not regulation.
That is a complaints carousel with branded stationery.
And it fits too neatly beside the wider Page problem. Page redacts. Page fogs. Page delays. Page gives the disabled claimant just enough process to keep the machine moving, while the facts sit under black marker like a body under a tarpaulin.
Then OneAdvanced goes bang loudly enough, and suddenly the ICO remembers what a penalty notice looks like.
Funny old state.
Funny old fucking court-and-regulator theme park.
Page’s Data Problem Again
OneAdvanced belongs in Page Partners because this is another data-trust collision.
Page is already under TCAP fire over DSAR conduct, redactions and the wrong Lee Thompson’s completely unredacted CV landing in my file. That means every Page-linked data, software, cyber or compliance trophy now gets read through the same dirty lens.
Page wants the customer glow.
TCAP checks the breach file.
OneAdvanced is not just some harmless software name in a customer story. It is a company tied to a ransomware incident that disrupted NHS services and exposed sensitive data. It sits exactly where Page should least want TCAP looking: data handling, health systems, regulator action and the public-sector pain that comes when digital trust collapses.
Page saw a customer.
TCAP saw a warning label with a login screen.
Sensitive Data Is Not Confetti
Companies love shrinking data scandals with language.
Affected individuals. Personal information. Security incident. Unauthorised access. Proportionate response. Lessons learned. Enhanced controls. Ongoing investment. Standard corporate sedation, administered through the gums.
Fuck that.
Sensitive personal data is not confetti. Medical records are not confetti. Home-entry details for care recipients are not confetti. They are handles by which the wrong people can grab the most vulnerable parts of someone’s life.
When health and care data leaks or gets stolen, people do not experience it as an “incident”.
They experience it as fear.
Who has it? What do they know? Can they use it? Can they call me? Can they scam me? Can they turn up? Can they pretend to be someone they are not? Can they use my illness, my care, my house, my records, my weakness, my trust?
That is the bit the corporate language always tries to flatten.
TCAP is here to unflatten it with a boot.
The NHS 111 Smell
NHS 111 is not a luxury service.
It is one of the places people go when they do not know whether the thing happening to them is urgent, frightening, dangerous or about to get worse. It is panic with a phone number. It is triage for people who need direction before the whole night goes sideways.
So when a software supplier’s ransomware incident disrupts NHS 111, that is not a footnote. That is not an IT inconvenience. That is the public being made to work around a failure in the wiring of care.
And PageGroup’s customer-story glow sits next to that.
Break barriers.
Lovely.
Which barriers?
The ones between ransomware criminals and medical data?
The ones between NHS services and working systems?
The ones between a care recipient’s home-entry details and whoever should never fucking see them?
The Private-Equity Software Smell
OneAdvanced also has that modern software-sector smell: acquisitions, private-equity ownership, public-sector contracts, health and care systems, enterprise software, cloud promises and enough corporate restructuring language to make a corpse ask for a simpler coffin.
This is the ecosystem Page loves.
Big customers. Growth stories. Software platforms. Transformation. Hiring. Customer support. Case studies. The shiny bit where everyone talks about innovation and nobody mentions what happens when the systems shit themselves.
But when the software is used in health and social care, failure has a body-count risk, even when the body count does not appear in the press release.
The stakes are different.
This is not a marketing app forgetting your favourite trainers.
This is NHS 111, care systems, medical records and home-entry details.
Different league.
Same corporate grinning.
The Page Partners Pattern
This is where Page Partners has gone now.
Imperial was recruitment smoke for the cancer factory. BAT was the second black lung. HSBC was PageGroup’s cartel-laundry banker. Evonik was the chemical family tree from hell. The disability case study was the inclusion trophy cabinet. Vivo Telefônica was the cartel-fined phone shop. Neon was the data-leak bank. Walmart was the bribe-slick superstore. PicPay was the beef-baron banking app.
OneAdvanced is the NHS 111 ransomware hangover.
Different rooms. Same building. Same Page habit of standing near the trophy while TCAP follows the smell into the back corridor.
Page keeps finding customer stories.
TCAP keeps finding the file room.
And the file room keeps looking like it was mopped with panic.
The Question For Page
Why OneAdvanced?
Why this customer story?
Why stand beside a software company whose wider public file includes a ransomware attack that disrupted NHS and social care services and led to an ICO penalty?
Did anyone at Page ask about NHS 111?
Did anyone ask about the health and care systems?
Did anyone ask about the personal information taken?
Did anyone ask about home-entry details for 890 people receiving care at home?
Did anyone ask whether Page, of all fucking companies, should be putting data-trust customer stories in the window while its own DSAR conduct looks like a shredder wearing a tie?
Or did Page just see another customer badge, another support story, another nice clean phrase about breaking barriers?
Because from here, it looks simple.
Page saw a customer.
The ICO saw a ransomware failure.
TCAP saw the health-data smoke pouring through the Page trophy cabinet.
The Question For The ICO
And while we are here, a question for the ICO.
Why so fierce here and so fucking limp elsewhere?
Why can the ICO swing at OneAdvanced when the scandal is large, public and NHS-shaped, but turn into a warm bowl of procedural custard when a disabled claimant asks whether a recruitment firm has buried the truth under redactions?
Why does a big breach produce boots, penalties and press lines, while a claimant’s DSAR complaint produces the regulatory equivalent of “please try again, maybe they will be nicer this time”?
Why tell Page to do more if doing fuck all meaningful afterwards is apparently enough?
Why should any disabled claimant believe the data-protection system is built for them rather than for managing their disappointment?
Because from here, the answer looks ugly.
The state protects the furniture first.
The person can wait outside with the black-marker bundle.
The Closing Failure
PageGroup can keep the OneAdvanced customer story.
Break barriers. Support customers. Software. Transformation. Corporate glow. Another shiny badge for the Page cabinet.
Lovely.
But TCAP is not reading it like a sales manager. TCAP is reading it like someone who has watched a regulator find its boots for one data scandal while acting like a paper umbrella in another.
OneAdvanced had the NHS 111 ransomware hangover.
The ICO had a penalty notice.
Page had a customer story.
And TCAP had a disabled claimant’s file full of redactions, shrugs and regulator-flavoured bullshit.
That is not just a Page Partners entry.
That is the whole fucking system in miniature.
Big scandal: boots on.
Disabled claimant: fuck off and fill another form.
Unredacted.
Lee Thompson – Founder, The Cummins Accountability Project
Sources
- Page Outsourcing – Supporting our Customer OneAdvanced to Break Barriers and Empower Future Leaders
- The Guardian – NHS IT firm faces £6m fine over medical records hack
- ICO – Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services
- The Register – ICO cuts Advanced ransomware fine in half after voluntary settlement
- TechRadar – NHS England tech provider reveals data breach – DXS International hit by ransomware