Data of thousands of Dumfries and Galloway patients published by hackers

Information about thousands of patients across the region has been published on the internet.

Hackers INC Ransom released several gigabytes of data onto the dark web on Monday.

The group was behind a cyber attack on NHS Dumfries and Galloway earlier this year and has now followed through on its previous promise to publish the information.

Health board chief executive, Julie White, said: “This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data.

“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate.

“Work is beginning to take place with partner agencies to assess the data which has been published.

“This very much remains a live criminal matter, and we are continuing to work with national agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.”

The cyber attack began in February with the public being made aware in March.

INC Ransom then released a “proof pack” and promised a further release of data about staff and patients “soon”.

The files were published on Monday, with data about the accident and emergency, biochemistry and child and adolescent mental health services among it, as well as details relating to the health board’s home teams.

South Scotland MSP Colin Smyth described the release of the data as a “deeply worrying development”.

He said: “There is nothing more sensitive than medical data and given that the perpetrators of this appalling crime will have been fully aware their ransom demands were never going to be met, it seems their motive is to cause damage and distress rather than any realistic expectation they will make money.

“It is vital the health board outline how much data has been posted and contact as many of the affected patients as possible, in particular vulnerable patients.”

The health board has warned everyone to be alert for attempts to access their data and contact from anyone claiming to have their information.

A Police Scotland spokesman said inquiries into the attack are continuing.

Health Secretary Neil Gray was quizzed about the matter by local MSPs at Holyrood on Tuesday. He said: “The Scottish Government is working with NHS Dumfries and Galloway, Police Scotland and other agencies, as we have done since we were first alerted to the cyber attack, to assess the level of the breach and the implications for the individuals concerned.

“There has been minimal impact on patient care as a result of the breach. However, I know that the incident has resulted in the need for some staff to change working practices in the short term, so I am very grateful to everyone who is working to ensure that people still receive the best possible care while we work at pace to ensure a return to normal working practices.”

A dedicated telephone helpline is now open to the public for anyone with concerns. It is available on 01387 216 777 from 9am to 6pm Monday to Friday and 9am to 1pm on Saturdays. Also visit www.nhsdg.co.uk/cyberattack.