Concerns about data compromise after NHS Dumfries and Galloway attack

Scottish Health Secretary says disruption to services is 'minimal'

Minimal impact on services due to cyberattack, Scotland health secretary assures

Image:
Minimal impact on services due to cyberattack, Scotland health secretary assures

Cyberattack on NHS Dumfries and Galloway has raised concerns over the security of patient and staff data in NHS Scotland.

Scotland's health secretary Neil Gray has reassured the public that the impact of the recently discovered cyber incident on patient services has been minimal.

In an update provided to Members of the Scottish Parliament yesterday, Gray acknowledged the seriousness of the situation while highlighting the relatively limited disruption to patient services.

"I am pleased to say that at the moment there has been minimal impact on patient services," he said.

However, Gray also highlighted the importance of safeguarding confidential data and urged both staff and the public to remain vigilant against potential breaches.

"It's important to note that the incident has resulted in the need for some staff to change working practices in the short term," Gray added.

The health secretary underscored the urgency of restoring normality to the health board's operations, stating that the collaborative efforts were underway to address the breach comprehensively.

"I'm very grateful to everyone who is working to ensure people still receive the best possible care while we work at pace to ensure a return to normal working practices."

In response to Labour MSP Colin Smyth, Gray stated that the government would continue to monitor and review the implications of the attack to ensure that the cyber resilience strategy remains as robust as possible.

Despite Gray's reassurances, concerns persist regarding the extent of data compromised during the attack, with fears that sensitive information pertaining to patients and staff may have been accessed by hackers. In a statement posted on its website on Friday, NHS Dumfries and Galloway said that there was a risk that "hackers have been able to acquire a significant amount of data."

On Tuesday, the health board asserted that its services were "generally running as normal."

The board's Chief Executive, Jeff Ace, highlighted the extensive work being conducted with partner agencies to secure systems, adapt to disruptions, and assess the potential risks associated with the hackers' access to data.

"This has been viewed as an extremely serious matter demanding a major response," stated Ace.

He indicated that there were grounds to suspect that those accountable might have obtained patient and staff-specific data.

"It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position."

Ace reiterated the board's commitment to prioritising patient and staff confidentiality. He urged both staff and patients to remain vigilant against potential unauthorised access to systems and cautioned against sharing sensitive information with unknown individuals.

"Any such incidents should be reported immediately to Police Scotland on 101."

The health board is collaborating with Police Scotland, the National Cyber Security Centre, and the Scottish government to understand the impact of the incident.