A ransomware group says it holds 3TB of patient and staff information stolen from NHS Scotland’s internal systems, with a local health board confirming some of the stolen data has already been published.
NHS Scotland was identified by the Inc Ransom threat collective in a post on the group’s leaksite, providing a ‘proof pack’ that is said to include sensitive medical documents. The group is now threatening to publish the data if demands are not met.
NHS Dumfries and Galloway suffered a “focused and ongoing cyber attack” on 15 March 2024, with a “significant quantity” of patient and staff data stolen.
Ryan McConechy, CTO at Barrier Networks, said the attack bore the hallmarks of the Inc group.
“Inc has a history of attacking healthcare organizations, and most ransomware gangs avoid making false claims around victims as it tarnishes their reputation.”
“[The incident] will undoubtedly cause concern for many citizens in Dumfries and Galloway who are waiting to hear if they were impacted. Their personal data now potentially lies in the hands of bad actors, which could be used in financial and identity fraud.”
The health board has now confirmed that some of the data stolen during the incident has been published by a recognized ransomware group, indicating the Inc group was behind the 15 March attack.
In a post on its web page dedicated to providing updates on the incident, NHS Dumfries and Galloway’s chief executive Jeff Ace confirmed the data published by the group was stolen during the 15 March attack.
“We absolutely deplore the release of confidential patient data as part of this criminal act. This information has been released by hackers to evidence that this is in their possession.”
The breach underscores the elevated threat levels facing critical-national infrastructure organizations in the UK, according to McConechy, noting NHS Dumfries and Galloway is lucky its operations weren’t disrupted more severely.
“The incident once again acts as a reminder that criminals are using cyber to target the UK’s critical infrastructure more frequently today. Fortunately, NHS Dumfries and Galloway appears to be operating almost as normal following the attack, but others are not so lucky.”
Patients are still in the dark as to whether they are affected
Approximately 140,000 people rely on the 50 regional bases that make up NHS Dumfries and Galloway, as well as its 4,500 employees.
After the incident was first disclosed on 15 March, the health board said it was working closely with Police Scotland, the National Cyber Security Centre (NCSC), and the Scottish Government.
McConechy explained cyber incident forensics is a lengthy process, and it could be some time before victims get any confirmation that their personal data was affected.
In an update posted to the support page, Jeff Ace said there was reason to believe the hackers accessed patient and staff-specific data.
RELATED WHITEPAPER
“It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position”, Ace advised.
“However, as it has been noted, there is reason to believe that those responsible may have acquired patient and staff-specific data.”
“We will look to update as and when we can, but in the meantime would again caution staff and patients to be on their guard for anyone accessing their systems, or anyone making contact with them claiming to be in possession of any information. Any such incidents should be reported immediately to Police Scotland on 101.”
-
Google tells some remote workers to return to the office or risk losing jobsNews Google has warned remote workers will need to return to the office or else lose their jobs, according to reports.
-
IBM puts on a brave face as US government cuts hit 15 contractsNews Despite the cuts, IBM remains upbeat after promising quarterly results
-
NHS supplier hit with £3m fine for security failings that led to attackNews Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway serviceNews Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
-
Major incident declared as Merseyside hospitals hit by cyber attackNews The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
-
Thousands of procedures canceled at London hospitals as Qilin releases blood test dataNews The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats
-
Attack on third-party software vendor disrupts NHS ambulance servicesNews The ambulance services serve more than 10 million people across the south of England
-
NHS data leak raises ‘serious questions’ about Manchester University cyber attackNews NHS patient data used for research purposes is believed to have been compromised in the June attack
-
Cyber attack on software supplier causes "major outage" across the NHSNews Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
