A large volume of data, including patient information, has been published to the dark web by cyber criminals, an NHS board has confirmed.
On March 15, NHS Dumfries and Galloway reported a “focused and ongoing cyberattack,” which resulted in the release of data relating to a small number of patients.
The sensitive information was reportedly published by a group called INC Ransom, a ransomware extortion operation that first appeared in July 2023, and has targeted multiple industries including health care, education, and government entities.
On Monday, a new batch of data was released onto the dark web, where the board said it wasn’t “readily accessible to most people.”
“This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data. We should not be surprised at this outcome, as this is in line with the way these criminal groups operate,” said NHS Dumfries and Galloway Chief Executive Julie White.
The board is working with partner agencies to assess the published data, Ms. White confirmed.
Helpline
A dedicated helpline has been set up to share information with patients and staff who may have been affected as a result of the breach. The helpline is open to the public, while the board is regularly updating its website with the latest details on the cyberattack.
NHS Dumfries and Galloway continues to follow the “very clear guidance being provided by national law enforcement agencies,” it said. It has advised everyone involved to be on alert for any attempts to access their work and personal data.
Patients, staff, and members of the public should be aware that cyber criminals can approach them via email, telephone, or social media claiming to be in possession of personal or NHS data, the board warned.
“In all instances, people are advised to take down details about the approach and contact Police Scotland by phoning 101,” the board advised.
The first release of data, following the hacking in March, reportedly contained biochemistry and genetics reports, and letters between doctors discussing patient treatments and psychological reports.
Breach Impact
In a statement to The Epoch Times in March, a spokesperson for Police Scotland said enquiries into the cyberattack on the hospital were ongoing. The Scottish Government said that no other hospital appeared to have been affected.
The board confirmed in April that its IT systems were running normally and no operations or appointments had been cancelled or postponed as a direct consequence of the attack.
“We are extremely sorry for the anxiety which has been caused, and have sought to be as open as possible while adhering to the very explicit guidance we have received from Police Scotland and partner agencies, and being very mindful of security considerations,” NHS Dumfries and Galloway said.
In an update on April 23, the board announced that cyber criminals published a “proof pack” of the stolen data. It included information related to six individual patients.
According to the board, it still holds the original patient files and they have not been altered or deleted.
“While some information has been illegally copied from NHS DG records, and has now been leaked, NHS DG and other agencies have carried out careful checks of our systems, and we are confident that your records have not been tampered with,” the board guidance said.
According to malware watchers, the INC Ransom group has previously targeted the United States, Australia, and European countries.