Following a cyberattack on its IT systems on March 15, NHS Dumfries and Galloway, operating in the south of Scotland, revealed on the 27th of March that the data of a small number of patients has been made public by a known ransomware organization.
NHS Dumfries and Galloway is aware that clinical data relating to a small number of patients has been published by a recognized ransomware group. This follows a recent focused cyberattack on the Board’s IT systems when hackers were able to access a significant amount of data including patient and staff-identifiable information.
NHS Dumfries and Galloway Statement Addressing the Breach
INC Ransom Claims Responsibility for the Breach
Ransomware gang INC Ransom announced earlier this week that in its latest campaign, it took three terabytes of data from NHS Scotland. NHS Dumfries and Galloway is one of the fourteen boards under NHS Scotland’s umbrella. It operates a dozen hospitals serving nearly 150,000 people in Scotland.
INC Ransom’s post included a ‘proof pack’ of some of the data, which was later confirmed by the board to be genuine.
Jeff Ace, the chief executive of the NHS board released a statement addressing the current situation in Scotland and had to say the following:
We absolutely deplore the release of confidential patient data as part of this criminal act. This information has been released by hackers to evidence that this is in their possession. We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish government and other agencies in response to this developing situation.
Jeff Ace, Chief Executive of the NHS Board
Ace also said that NHS Dumfries and Galloway is aware of the potential impact of the situation on the patients whose data has been published, and the general anxiety which might result within the Scottish board’s patient population.
He assured that the patients whose data has been leaked will be immediately contacted by the board, and patient-facing services would continue as normal.
Investigations are underway. Police Scotland, the National Cyber Security Centre, and the Scottish government are working with NHS Scotland and law enforcement to assess the level of the breach and the possible implications for individuals concerned.
Heimdal® extents its help to NHS trusts and is empowering them with free ransomware licenses to combat such attacks in the future.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.