NHS D&G confirms patient data published following cyber attack

The health board says clinical data relating to a small number of patients has been published by a recognised ransomware group

Author: Paul KellyPublished 27th Mar 2024
Last updated 27th Mar 2024

NHS Dumfries and Galloway has confirmed patient data has been published by a ransomware group, following a cyber attack earlier this month.

The group claims to be in possession of 3TB of patient and staff data from NHS Scotland, and has published a small number of sensitive documents as part of a “proof pack”.

On March 19th NHS Dumfries and Galloway confirmed police were investigating a hack on its IT systems, and that there was “reason to believe that those responsible may have acquired patient and staff-specific data.”

READ MORE: Investigation launched into NHS Dumfries and Galloway cyber attack

The health board has now confirmed clinical data relating to a small number of patients has been published.

NHS Dumfries and Galloway Chief Executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act.

“This information has been released by hackers to evidence that this is in their possession.

“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government and other agencies in response to this developing situation.

“Patient-facing services continue to function effectively as normal.

“As part of this response, we will be making contact with any patients whose data has been leaked at this point.

Health board "acutely aware of potential impact"

“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”

The health board has now set up a website where updates relating to the hack will be published.

South Scotland MSP Colin Smyth has described the situation as “deeply concerning for NHS staff and patients”.

Mr Smyth said: “While details of the recent cyber-attack on the health board have been limited, past attacks on public bodies are often related to extortion attempts and I have no doubt that this will have been the motive in the recent attack on Dumfries and Galloway.

NHS and Scottish Government "need to be open with the public"

“Although there is an ongoing police investigation into that attack, and we don’t know just how much data has been stolen from NHS Dumfries and Galloway and whether that data is still out there, the health board and Scottish Government need to be open with the public over how credible they believe these threats are, what areas they cover and what this may mean for patients and staff there.”

Greatest Hits Radio News has contacted The Scottish Government for a response.

Hear all the latest news from across the UK on the hour, every hour, on Greatest Hits Radio on DAB, smartspeaker, at greatesthitsradio.co.uk, and on the Rayo app.