NHS Dumfries and Galloway reports cyber attack, possible data breach

NHS Dumfries and Galloway, a health trust in Scotland, is reporting a cyber-attack, leading to potential disruptions in services and the risk of data compromise. The health trust is responsible for providing healthcare to approximately 150,000 residents in South West Scotland.

The incident is actively investigated with the assistance of the National Cyber Security Centre (NCSC), Police Scotland, and the Scottish Government.

No details are disclosed about the cyberattack, though the scenario strongly suggests a ransomware attack. At the moment it's unclear whether any data was breached.

NHS Dumfries and Galloway has urged both staff and the public to remain vigilant against attempts to access their systems or any communications from individuals claiming to possess stolen data. The trust has advised contacting Police Scotland immediately in such instances.

Update - as of 26th of March 2024, the INC ransomware group is threatening to release 3TB of confidential data from NHS Dumfries and Galloway. They've posted proof of the breach on their dark web site which includes patient and staff information, with some data from NHS Ayrshire & Arran.

The health board is contacting affected patients and ensuring that patient-facing services continue as usual. Police Scotland is investigating the incident. NHS Dumfries and Galloway Chief Executive Jeff Ace said the service is making contact with patients whose data has been leaked at this point and will continue working to limit any sharing of this information.

NHS Dumfries and Galloway are collaborating with the National Cyber Security Centre (NCSC) after the ransomware group Inc Ransom published approximately three terabytes of stolen patient data on the dark web. The health board confirmed this data breach in an update on their website on May 6, 2024.

As of 17th of June 2024, all households in Dumfries and Galloway will receive letters warning them that cybercriminals likely published their stolen medical data from the February NHS ransomware attack. The INC Ransom group, responsible for the attack, threatened to release the data unless paid; the NHS refused, prompting the warning to nearly 150,000 people.