Data stolen from NHS Dumfries and Galloway in a recent cyber attack has been published by a recognised ransomware group, the health board has said.
It has published an update of the situation on its website following its acknowledgement of the attack last week.
This has come as news reports, including on STV News, have said the INC Ransom gang has threatened to release 3Tb of patient and staff data. The health board has said some patient and staff information – including hospital reports, emails and clinical reports – has appeared on the dark web.
Deplorable
Its chief executive, Jeff Ace, said: “We absolutely deplore the release of confidential patient data as part of this criminal act. This information has been released by hackers to evidence that this is in their possession.
“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation. Patient facing services continue to function effectively as normal.
“As part of this response, we will be making contact with any patients whose data has been leaked at this point and continue working to limit any sharing of this information.
“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”
The board added that there are concerns about staff-specific information and that work continues to assess the consequences of the incursion into NHS systems.
Ensuring security
Ace said: “Over recent days we’ve been very busy working with partner agencies to ensure the security of our systems, to adapt to the associated disruption, and to assess the potential risk posed by the hackers’ ability to access data.
“It must be noted that this is a live criminal investigation, and we are very limited in what we can say. In addition, a great deal of work is required in order to say with assurance what data may have been obtained, and we are not yet in that position.”
The health board is continuing to work with Police Scotland, the National Cyber Security Centre and the Scottish government and other agencies.