A ransomware group says it holds 3TB of patient and staff information stolen from NHS Scotland's internal systems, and a local health board confirms some of the stolen data has already been published.
Threat collective Inc Ransom named NHS Scotland in a post on the group's leak site, which included a “test package” said to contain sensitive medical documents. The group is now threatening to publish the data if its demands are not met.
NHS Dumfries and Galloway suffered a “focused and sustained cyber attack” on March 15, 2024, with a “significant amount” of patient and staff data stolen.
Ryan McConechy, chief technology officer at Barrier Networks, said the attack had the hallmarks of the Inc group.
“Inc has a history of attacking healthcare organizations and most ransomware gangs avoid making false claims about victims as it tarnishes their reputation.”
“[The incident] will no doubt cause concern to many citizens of Dumfries and Galloway who are waiting to find out if they have been affected. Your personal data is now potentially in the hands of bad actors, which could be used in financial and identity fraud.”
The health board has now confirmed that some of the data stolen during the incident has been published by a recognized ransomware group, indicating that the Inc group was behind the March 15 attack.
On its webpage dedicated to providing updates on the incident, NHS Dumfries and Galloway chief executive Jeff Ace confirmed that data published by the group was stolen during the March 15 attack.
“We absolutely deplore the disclosure of confidential patient data as part of this criminal act. This information has been released by hackers as proof that it is in their possession.”
The breach underlines the elevated level of threat faced by critical national infrastructure organizations in the UK, according to McConechy, who noted that NHS Dumfries and Galloway is lucky its operations have not been more seriously affected.
“The incident once again acts as a reminder that criminals are using cyber to attack the UK's critical infrastructure with increasing frequency today. Thankfully, NHS Dumfries and Galloway appear to be operating almost normally following the attack, but others are not so lucky.”
Patients do not yet know if they are affected
Approximately 140,000 people depend on the 50 regional bases that make up NHS Dumfries and Galloway, as well as its 4,500 staff.
After the incident was first revealed on March 15, the health board said it was working closely with Police Scotland, the National Cyber Security Centre (NCSC) and the Scottish Government.
McConechy explained that the forensic investigation of cyber incidents is a lengthy process and that it could take some time before victims get any confirmation that their personal data was affected.
In an update posted to the support page, Jeff Ace said there was reason to believe hackers accessed specific patient and staff data.
“It should be noted that this is a live criminal investigation and we are very limited in what we can say. In addition, a lot of work is needed to say with certainty what data has been obtained and we are not in that position yet,” Ace warned.
“However, as noted, there is reason to believe that those responsible may have acquired specific patient and staff data.”
“We will look to update when we can, but in the meantime we are again warning staff and patients to be on guard against anyone accessing their systems or contacting them claiming to be in possession of any information. Any such incident should be reported immediately to Police Scotland on 101.”