NHS Dumfries & Galloway ransomware attack sees clinical data published
The healthcare authority has issued a statement about the risk of confidential patient information being shared online.
NHS Scotland has refused demands for payment from the group INC Ransom in order to prevent service user data from being leaked online. It is estimated that a cyber attack on NHS Dumfries & Galloway, which took place on 15th March, resulted in the theft of 3TB of sensitive files. The full set could now be published if funds are not delivered to the criminals.
‘We absolutely deplore the release of confidential patient data as part of this criminal act,’ said NHS Dumfries and Galloway Chief Executive, Jeff Ace. ‘This information has been released by hackers to evidence that this is in their possession. We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation,” Ace said.
‘Patient-facing services continue to function effectively as normal. As part of this response, we will be making contact with any patients whose data has been leaked at this point, and continue working to limit any sharing of this information,’ he continued. ‘[We are] very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.’
INC Ransom has already targeted a number of regional healthcare providers and local authorities. This includes the Leicester City Council attack last month, focus of an Infotec feature looking at the lessons all organisations should take from recent cyber attacks on public sector infrastructure — from the Electoral Commission to the professional email accounts of Westminster MPs.
More on cyber security:
Girls’ cyber security skills recognised at CyberFirst awards
Image: Ian Taylor
Leave a Reply