A hacker group is in possession of at least a “small number” of patients’ data following a cyber attack, NHS Dumfries and Galloway has said.
Reports emerged on Wednesday of a post by the group INC Ransom on its dark web blog, alleging it has three terabytes of data from NHS Scotland – although the Scottish Government said the incident has been contained to the one health board.
The post included a “proof pack” of some of the data, which has been confirmed by the board to be genuine.
READ MORE: New Cumnock men appear in court charged with attempted robbery
In a statement posted to the health board’s website, its chief executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act.
“This information has been released by hackers to evidence that this is in their possession.
“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation.”
Patients whose data has been leaked will be contacted by the board, he said, while patient-facing services will continue as normal.
READ MORE: Kelloholm food firm's upgrade gets royal seal of approval as Princess visits
Mr Ace said: “NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”
The board was hit by the cyber attack earlier this month, which it said at the time had put a “significant amount” of data at risk, but it had little impact on services for patients.
A Police Scotland spokeswoman said: “Police Scotland inquiries are continuing into a cyber attack on NHS Dumfries & Galloway.”
A spokesman for the National Cyber Security Centre said: “We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of an incident.”
A spokeswoman for the Scottish Government said: “We are aware of some data published on the web that is linked to the recent cyber attack on NHS Dumfries and Galloway.
“This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland as a whole.
“The Scottish Government is working with the health board, Police Scotland and other agencies, including the National Crime Agency and National Cyber Security Centre, to assess the level of this breach and the possible implications for individuals concerned.
“The Scottish Government is continuing to provide support to NHS Dumfries and Galloway as they deal with this ongoing situation. This remains an ongoing police investigation.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here