NHS Scotland Clinical Data Published Ransomware

/in


Health authorities in Scotland have hit out at a ransomware gang after it started publishing data including clinical and personal identifiable information of both patients and staff.

The confirmation came after NHS Dumfries and Galloway had warned on 15 March that it had been the target of a focused and ongoing cyber attack on its IT systems.

It has been widely reported that the hacking gang, dubbed INC Ransom, had obtained 3TB (terabytes) worth of data, and are threatening to publish the entire tranche of data unless a ransom is paid.

Data published

Now the NHS has condemned the decision of the hackers to publish some of the data.

“NHS Dumfries and Galloway is aware that clinical data relating to a small number of patients has been published by a recognised ransomware group,” the board said in a statement. “This follows a recent focused cyber attack on the Board’s IT systems, when hackers were able to access a significant amount of data including patient and staff-identifiable information.”

NHS Dumfries and Galloway chief executive Jeff Ace condemned the publication of the data.

“We absolutely deplore the release of confidential patient data as part of this criminal act,” said Ace. “This information has been released by hackers to evidence that this is in their possession.”

“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation,” Ace said. “Patient-facing services continue to function effectively as normal.”

“As part of this response, we will be making contact with any patients whose data has been leaked at this point, and continue working to limit any sharing of this information,” Ace added.

“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”

The INC ransomware operation is now threatening to leak more data via their dark web leak site.

Frustrated hackers

The refusal of NHS Scotland to pay the hackers ransomware demand was noted by William Wright, CEO of Scotland-based

Source…