NHS D&G patients told to 'assume' their data has been published
The health board's chief executive is contacting every household in the region to update them on February's cyber attack
Every NHS Dumfries and Galloway patient is being told their data is likely to have been accessed and published online following February’s cyber attack.
The health board’s chief executive Julie White has now contacted every household in the region to update them on the situation, and offer advice for what people can do to stay safe online.
On March 19th NHS Dumfries and Galloway confirmed police were investigating a hack on its IT systems, and that there was “reason to believe that those responsible may have acquired patient and staff-specific data.”
READ MORE: NHS D&G confirms patient data published following cyber attack
A group calling itself INC Ransom then claimed responsibility on the dark web, and published a “proof pack” containing a small amount of the data accessed.
Now patients of the health board are being told it is best to “assume” their data will have been published as part of the attack.
A leaflet is being distributed to households across the region over the course of this week, and is also available online.
It includes the letter from Julie White, an Easy-Read version of the letter, and a list of frequently-asked questions. In the letter, she gives details of the attack, and some advice on how people can stay safe online.
Julie White said: “We are advising people in Dumfries and Galloway that the most sensible approach to take is to assume that some data relating to you is likely to have been copied and published.”
Staff and patients are potentially at risk as a result of the data theft, she continues – but a few simple precautions will help them stay safe.
Julie White said: “Since the cyber attack, we have been asking both staff and the public to be on their guard for any suspicious activity. This includes any attempts to access computer systems, such as suspicious emails from an unverified sender asking them to click a link (known as ‘phishing’), as well as phone calls. If anyone has suspicions, they should call Police Scotland by phoning 101.”
During the attack, criminals illegally copied large numbers of files held on NHS Dumfries and Galloway’s servers. While patient medical records were not affected, many other documents, such as patient letters, test results, and X-rays, were copied, and later released on the internet.
NHS Dumfries and Galloway has since put precautions in place to protect against other similar attacks, and continues to work with Police Scotland and other government agencies to support their investigation.
Responding to the latest development, South Scotland MSP Colin Smyth said: “This latest development will cause a great deal of anxiety for patients and staff of NHS Dumfries and Galloway.
“It is clear that the scale of the leak and the number of people affected is significantly higher than was first envisaged and it still remains unclear exactly what has been leaked about each person, despite significant work by the NHS to work through millions of items.
“The one saving grace is the fact that so far, the data doesn’t appear to have been used against any individual, but it is vital that we all exercise the maximum vigilance and contact the police if anyone attempts to contact us and claims they have our data.
“We must work on the basis that it is likely that some data on everyone in the region who has had an interaction with the NHS in recent years may have had their data leaked, even just names, and we should all be on our guard.