Ransomware group shows 'proof pack' of data from NHS Dumfries and Galloway
INC Ransom threatens to release full data unless demands met
Whilst the information appears highly sensitive, much of it dates back several years
A ransomware group calling itself INC Ransom is threatening to release a substantial cache of data stolen from NHS Dumfries and Galloway unless their demands are met.
The Scottish health board had warned earlier this month about the potential compromise of "a significant quantity" of sensitive information belonging to both patients and staff following a cyberattack on its systems.
As reported by the BBC, INC Ransom claimed responsibility for the attack in a post on its darknet site, boasting possession of three terabytes of data purportedly obtained from Scottish health board.
The hackers substantiated their claims by releasing a 'proof pack,' showcasing snippets of the hacked data.
Among the leaked materials are confidential documents, including correspondence between healthcare professionals discussing cancer care and mental health referrals.
While the information appears highly sensitive, much of it is old, with the most recent documents originating from 2019.
NHS Dumfries and Galloway confirmed that a recognised ransomware group had published clinical data relating to a limited number of patients.
Jeff Ace, the chief executive of NHS Dumfries and Galloway, condemned the group, stating that the board was collaborating with law enforcement agencies and governmental bodies to address the evolving crisis.
"We absolutely deplore the release of confidential patient data as part of this criminal act," he said.
"NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population."
Ace said efforts were underway to contact individuals whose data has been compromised.
In response to the threat, the Scottish government has pledged to take all steps needed to thwart the release of the stolen data.
NHS Dumfries and Galloway remains vigilant, with patient-facing services continuing to operate without disruption despite the attack.
The health board is collaborating with Police Scotland, the National Cyber Security Centre, and the Scottish government to understand the impact of the incident.
Labour's South Scotland MSP, Colin Smyth, expressed concerns over the potential release of stolen data, describing it as "deeply concerning for NHS staff and patients."
Addressing the Scottish Parliament, Smyth said that extortion was likely the motive behind the attack on Dumfries and Galloway.
Earlier this month, Scotland's health secretary Neil Gray assured the public that the impact of the cyberattack on patient services had been minimal.
"I am pleased to say that at the moment there has been minimal impact on patient services," Gray told the Members of the Scottish Parliament.
He said there were "well-established procedures" for handling cyberattacks and said measures were being taken to bolster cybersecurity. However, he urged both staff and the public to remain vigilant against potential threats.
First Minister Humza Yousaf has expressed confidence in the steps taken by health boards across the country. Despite reassurances, Yousaf acknowledged the persistent threat posed by hostile groups attempting to breach data security protocols.
"We take our cyber security very seriously but there are hostile actors who are attempting to access data right across the public sector," Yousaf said, adding that the government will continue to invest in cybersecurity infrastructure.