After cyber attack: Scottish region informed about health data leak
All of the approximately 148,000 inhabitants of the Scottish region of Dumfries and Galloway are being informed by flyers about a leak of their health data.
(Image: Jamie Dillon/Shutterstock.com)
Following a cyberattack on the Dumfries and Galloway region of Scotland in February 2024, NHS Dumfries and Galloway is distributing flyers to all residents. "The flyer will reach households across the region between June 18 and 22," says the NHS Dumfries and Galloway website. The flyer includes a letter from NHS Chief Executive, Julie White, along with a plain language version and a list of frequently asked questions.
It was already clear at the end of March that cyber criminals were in possession of confidential information such as psychological reports from patient records. According to the NHS, all data was published on May 6. This included X-rays, test results, letters of complaint and more.
At the time, NHS Scotland claimed that only a few patients were affected by the data leak. No ransom was paid to the relatively new group "INC Ransom", which had stolen the data. Once again, the NHS emphasizes that "no data on our systems has been deleted or altered". Patient care was not compromised. "However, the criminals were able to access and copy large amounts of patient and staff data," said White.
Flyers to inform everyone
With the flyers, various websites and a hotline, NHS Dumfries and Galloway wants to inform as many affected people as possible. Residents are also encouraged to make everyone else living in the household aware of the incident, potential risks and possible measures. The people most affected by the data leak will be prioritized.
White also lists various sites that are intended to help with identity fraud and theft, blackmail attempts and the like. Citizens should also be made aware of phishing attempts and other fraud attempts. If in doubt, those affected should contact the Scottish police. A helpline is also intended to provide help, "including psychological support for people with anxiety".
INC Ransom threatened to publish three terabytes of stolen data at the end of March. This is not the first attack on the healthcare system in the UK. In mid-March 2024, it became known that unauthorized persons had gained access to the Irish vaccination portal. The health authority is continuing to work with Police Scotland, the National Cyber Security Centre and the Scottish Government and other agencies to investigate the incident.
(mack)
