News

NHS cyber attack ‘Deplorable’ hackers publish Brit patients’ confidential information

NHS cyber attack ‘Deplorable’ hackers publish Brit patients’ confidential information

Hackers have gained access to patients data following a cyber attack on the NHS, a UK trust has warned.

NHS Dumfries and Galloway confirmed the data leak after the group posted a “proof pack” online. The health board said that the hackers are in possession of at least a “small number” of information. They confirmed they are working with Police Scotland to resolve the issue.

It comes after the hackers, named INC Ransom, uploaded the information on its dark web blog, alleging it has three terabytes of data from NHS Scotland. The board said the proof pack that has been uploaded to the site is genuine. In a statement, chief executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act. This information has been released by hackers to evidence that this is in their possession.”

Patients whose data has been leaked will be contacted by the board, he said, while patient-facing services will continue as normal. Mr Ace said: “NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”

NHS Dumfries and Galloway also confirmed they are working with the “National Cyber Security Centre, the Scottish Government and other agencies in response to this developing situation.” The board was hit by a cyber attack earlier this month, which put a “significant amount” of data at risk.

The board said at the time: “NHS Dumfries and Galloway has been the target of a focused and ongoing cyber attack. During these incursions into our systems, there is a risk that hackers have been able to acquire a significant quantity of data. Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data. Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”

A spokeswoman for  Police Scotland responded to the latest incident and said: “Police Scotland inquiries are continuing into a cyber attack on NHS Dumfries & Galloway.” INC Ransom made their debut on the dark web in July last year. The hacker usually encrypts and steals data from targets before threatening to expose it online. According to Ransomlooker, the group has targeted around 65 organisations in the last year alone.

Back to top button