Scottish National Records latest public sector ransomware victim

The organisation responsible for official statistics gathering and public record archiving has flagged a serious data breach, with up to 50 people now considered ‘at serious risk’ of seeing their information published online. 

As reported by InfoTec News last month, a cyberattack targeting NHS Dumfries & Galloway saw a number of confidential and sensitive files stolen by the group INC Ransom. In total 3TB of information was accessed, some of which then wound up being published online. This included information about childrens mental health. 

It has  now emerged that a significant amount of data held by the National Records of Scotland was included in the theft, linked to a service which transfers patient records when people move between different Scottish health board areas, or overseas.

Up to 50 people are now considered ‘at risk of harm’. All have now been contacted, and the Information Commissioner has also been notified. Some information pertaining to ‘statutory births, deaths and marriages registers… which is used to correctly identify patients and maintain the accuracy’ was also included, according to a spokesperson for the NRS. 

‘We are aware that this will be distressing news for those individuals most directly affected,’ said  Janet Egdell, Chief Executive of the National Records of Scotland. ‘This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, the Scottish Government, and other agencies involved in the inquiry. NRS takes cyber security and privacy seriously. This includes ensuring the continued safe provision of the service we provide.’

More on cybersecurity: 

Cyber security operations centre will ‘protect’ Welsh councils

NHS Dumfries & Galloway ransomware attack sees clinical data published

Cybersecurity lessons from Leicester City Council, MP and Electoral Commission attacks

Image: Muha Ajjan