A ransomware group has made good on its threat against a Scottish health board and released a “significant volume” of stolen data on the dark web.
NHS Dumfries and Galloway was the subject to a cyberattack in March and it is confirmed that the hackers were able to access a “significant amount of data”, including identifiable information about patients and staff.
Cybercriminals later released an “evidence pack” – which included confidential information about a small number of patients – and warned that more would follow.
In an update Monday, the health board confirmed a “significant volume of data” had been released.
Julie White, chief executive of NHS Dumfries and Galloway, called it an “absolutely heinous criminal act”.
“We should not be surprised by this result, because it is consistent with the way these criminal groups operate,” she said.
“Work is beginning to take place with partner agencies to assess the published data.”
The health board works with the police Scotlandthe National Cyber Security Center and the Scottish Government in response to the situation.
Keep up to date with all the latest news from the UK and around the world by following Sky News
Tap here
Ms White said NHS Dumfries and Galloway was “aware” that publishing the stolen data “could cause increased anxiety and worry among patients and staff”.
“The data accessed by cybercriminals is now published on the dark web, which is not easily accessible to most people,” she added.
“Recognizing that this is a timely criminal matter, we continue to follow the very clear guidance provided to us by state law enforcement agencies.”
Read more on Sky News:
China hacked Ministry of Defense, Sky News learns
Beijing poses a “constant” threat to Western cybersecurity
The health board urges the public to be alert to any attempts to gain access to their work and personal data.
He also warned people to be vigilant of any potential approach from someone claiming to be in possession of their personal data or NHS data – whether that approach comes by email, telephone, social networks or by any other means.
In all cases, people are advised to note the details of the approach and contact Police Scotland.
The Scottish Government said it was aware of the latest developments, adding: “It is important to note that the incident remains confined to NHS Dumfries and Galloway and there have been no other incidents overall of NHS Scotland.”
Police Scotland said its “investigations continue into a cyber attack on NHS Dumfries and Galloway”.
The health board has set up a dedicated webpage in response to the cyber attack, with a helpline available on 01387 216 777.
[ad_2]
