NHS Dumfries and Galloway health board revealed last week that it had been the victim of a “focused and sustained cyber attack” which severely disrupted systems.
The incident, first announced on March 15, may have resulted in hackers acquiring a “significant amount” of patient and staff data, according to the alert.
NHS Dumfries and Galloway said it is working with Police Scotland, the National Cyber Security Center (NCSC) and the Scottish Government to deal with the sustained attack on its IT systems.
These agencies are currently investigating what data may have been accessed, but the board stated that the exfiltrated data could include identifiable patient and staff data, and described the breach as “an incredibly serious matter.”
NHS Dumfries and Galloway serves a population of around 140,000 people in the south west region of Scotland across 50 bases and employs approximately 4,500 people.
The board warned there could be disruption to services as a result of the incident, and urged NHS staff and the public to be wary of further attacks, as well as extortion attempts.
“We encourage everyone, staff and the public, to be on guard against any attempts to access their systems or access by anyone claiming to be in possession of data relating to them.”
If you notice cases of suspicious activity such as those described above, the public is advised to contact Police Scotland.
Healthcare industry struggles to stay on top of series of cyberattacks
Another Scottish health board, NHS Fifewas the subject of a cyber incident in February 2023.
An ICO investigation into the breach, published in November 2023, found that an unauthorized person was able to access a hospital ward without presenting identity verification.
Once the individual was in the room, he was given documents confirming the personal information of 14 people, and was even helped manage care for one patient, according to the investigation.
The individual was able to leave the site with the personal information, which had not been recovered at the time of the investigation.
The most recent notable cyber incidents affecting the healthcare sector include attacks on two of France's largest healthcare payment service providers. Viamedis and Almerys.
The attack occurred in February 2024 and involved the theft of data containing sensitive information of 33 million people.
This included personal information such as marital status, date of birth, social security number, guarantor and guarantees of their contract.
American medical services were also severely affected by a cyberattack on Change health carea technology company whose systems are used by hospitals and pharmacies across the country.
On February 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group, disclosed that it had suffered a significant breach that caused significant delays in prescription services.
The company's filing with the US Securities and Exchange Commission (SEC) on February 27 indicated that the group responsible for the attack are threat actors backed by nation-states.
The attack prompted action from US agencies, which warned healthcare companies to allocate more resources to bolster their cyber resilience.
The FBI, CISA, and the Department of Health and Human Services updated their joint #StopRansomware advisory to reflect the elevated threat levels facing the healthcare sector.
The advisory urged healthcare companies to take seriously an increasingly hostile threat landscape, particularly focused on critical national infrastructure organizations such as healthcare services companies.