Ransomware group releases NHS Dumfries and Galloway patient data

Cyber Security, News

  • 27 March 2024
Ransomware group releases NHS Dumfries and Galloway patient data
Jordan Sollof
November 24, 2021

NHS Dumfries and Galloway have confirmed today that data relating to a small number of patients has been released by a recognised ransomware group, following the cyber attack on its IT systems on 15 March.

In a statement released today (27 March), NHS Dumfries and Galloway said: ā€œNHS Dumfries and Galloway is aware that clinical data relating to a small number of patients has been published by a recognised ransomware group.

ā€œThis follows a recent focused cyber attack on the Boardā€™s IT systems, when hackers were able to access a significant amount of data including patient and staff-identifiable information.ā€

According to The Guardian, reports emerged of a post by the group Inc Ransom on its darknet blog, alleging it was in possession of three terabytes of data from NHS Scotland. The post includes a ā€œproof packā€ of some of the data, which has now been confirmed by the board to be genuine.

The ā€œproof packā€, the UK Defence Journal says, includes a variety of sensitive documents, ranging from biochemistry and genetics reports to letters between doctors discussing patient treatments and psychological reports.

These documents also said to contain highly personal medical details, includes names and addresses of patients. The attack was publicly disclosed on 26 March by Inc Ransom, however no deadline for a ransom payment has yet been provided.

NHS Dumfries and Galloway chief executive Jeff Ace said: ā€œWe absolutely deplore the release of confidential patient data as part of this criminal act. This information has been released by hackers to evidence that this is in their possession.

ā€œWe are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation. Patient-facing services continue to function effectively as normal.

ā€œAs part of this response, we will be making contact with any patients whose data has been leaked at this point and continue working to limit any sharing of this information.

ā€œNHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.ā€

The board suffered a cyber attack on Friday 15 March and said at the time that ā€œthere is a risk that hackers have been able to acquire a significant quantity of dataā€, something that has now been proven to be true.

Subscribe to our newsletter

Subscribe To Our Newsletters

Find out more

1 Comments

  • Brenda VOCKINGS says:
    29 March 2024 at 5:10 PM

    When will D & G NHS advise patients of information that has been targeted. I want/ demand to know if any of my information has been accessed.

Comments are closed.

Related News

Birmingham Community Healthcare flags cyber security risk
Cyber SecurityJuly 9, 2025

Birmingham Community Healthcare flags cyber security risk

Birmingham Community Healthcare NHS Foundation Trust (BCHC) has flagged an exposed vulnerability that could lead to a cyber attack.Ā 
Patient death linked to cyber attack on NHS pathology provider
Cyber SecurityJune 26, 2025

Patient death linked to cyber attack on NHS pathology provider

The first patient death linked to the cyber attack last year on NHS pathology system provider Synnovis has been confirmed.
NHS Scotland publishes Ā£206m tender for cloud integration solution
NewsJune 6, 2025

NHS Scotland publishes Ā£206m tender for cloud integration solution

NHS Scotland has published a tender worth Ā£206m seeking a cloud solution and systems implementer as part of a software-as-a-service overhaul.