Large Volume of Medical Data Published on Dark Web: NHS Board

NHS Dumfries and Galloway was attacked by cyber criminals in March when the first batch of data, including patients’ information, was released.
Evgenia Filimianova

A large volume of data, including patient information, has been published to the dark web by cyber criminals, an NHS board has confirmed.

An ongoing criminal investigation into the hacking of NHS Dumfries and Galloway in March is dealing with the release of confidential data, which includes the identities of staff.

On March 15, NHS Dumfries and Galloway reported a “focused and ongoing cyberattack,” which resulted in the release of data relating to a small number of patients.

The sensitive information was reportedly published by a group called INC Ransom, a ransomware extortion operation that first appeared in July 2023, and has targeted multiple industries including health care, education, and government entities.

On Monday, a new batch of data was released onto the dark web, where the board said it wasn’t “readily accessible to most people.”

“This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data. We should not be surprised at this outcome, as this is in line with the way these criminal groups operate,” said NHS Dumfries and Galloway Chief Executive Julie White.

The board is working with partner agencies to assess the published data, Ms. White confirmed.

“This very much remains a live criminal matter, and we are continuing to work with national agencies including Police Scotland, the National Cyber Security Centre, and the Scottish Government,” she added.

Helpline

A dedicated helpline has been set up to share information with patients and staff who may have been affected as a result of the breach. The helpline is open to the public, while the board is regularly updating its website with the latest details on the cyberattack.

NHS Dumfries and Galloway continues to follow the “very clear guidance being provided by national law enforcement agencies,” it said. It has advised everyone involved to be on alert for any attempts to access their work and personal data.

Patients, staff, and members of the public should be aware that cyber criminals can approach them via email, telephone, or social media claiming to be in possession of personal or NHS data, the board warned.

“In all instances, people are advised to take down details about the approach and contact Police Scotland by phoning 101,” the board advised.

The first release of data, following the hacking in March, reportedly contained biochemistry and genetics reports, and letters between doctors discussing patient treatments and psychological reports.

Jeff Ace, former chief executive of NHS Dumfries and Galloway, said the hospital “absolutely deplore[s]” the release of confidential patient data.

Breach Impact

In a statement to The Epoch Times in March, a spokesperson for Police Scotland said enquiries into the cyberattack on the hospital were ongoing. The Scottish Government said that no other hospital appeared to have been affected.

The board confirmed in April that its IT systems were running normally and no operations or appointments had been cancelled or postponed as a direct consequence of the attack.

“We are extremely sorry for the anxiety which has been caused, and have sought to be as open as possible while adhering to the very explicit guidance we have received from Police Scotland and partner agencies, and being very mindful of security considerations,” NHS Dumfries and Galloway said.

In an update on April 23, the board announced that cyber criminals published a “proof pack” of the stolen data. It included information related to six individual patients.

According to the board, it still holds the original patient files and they have not been altered or deleted.

“While some information has been illegally copied from NHS DG records, and has now been leaked, NHS DG and other agencies have carried out careful checks of our systems, and we are confident that your records have not been tampered with,” the board guidance said.

According to malware watchers, the INC Ransom group has previously targeted the United States, Australia, and European countries.

Lily Zhou and PA Media contributed to this report.
Evgenia Filimianova is a UK-based journalist covering a wide range of national stories, with a particular interest in UK politics, parliamentary proceedings and socioeconomic issues.