NHS Dumfries and Galloway hit by “focused and ongoing” cyber attack

NHS Dumfries and Galloway announced on Friday that it has been the target of a “focused and ongoing” cyber attack.

The health board said it was working with partner agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government and that hackers could have acquired a “significant quantity” of patient and staff data. Disruptions to services may occur as a result of the situation, it added.

The statement on the organisation’s website also said: “Work is continuing together with cyber security agencies to investigate what data may have been accessed, but we have reason to believe that this could include patient-identifiable and staff-identifiable data.

“Breach of confidential data is an incredibly serious matter. We are encouraging everyone, staff and public, to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.”

NHS Dumfries and Galloway has been the target of a focused and ongoing cyber attack.

This has prompted a swift response in line with our established protocols, working with partner agencies.

Details on this situation and updates are being provided here: https://t.co/dPHJrdKt6U pic.twitter.com/JY5565NlIG

— NHS DG (@DGNHS) March 15, 2024

Health secretary Neil Gray said the Scottish government is offering support to the board: “There are well established procedures for dealing with a situation of this kind.

“We are providing assistance and support to NHS Dumfries and Galloway as they handle this incident, and NHS NSS (National Services Scotland) is engaging with the rest of NHS Scotland and providing updates as necessary.”

Updates on the attack will be provided via a dedicated website, which can accessed here. There has been no update on the attack since the alert was first announced on Friday 15 March.

A spokesperson for the National Cyber Security Centre (NCSC) said: “We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of an incident.”

The NCSC provides guidance and advice for individuals and families that have been affected by a data breach.

In reaction to this latest cyber attack, chief security strategist at Cylera, Richard Staynings, said: “Police Scotland and the NCSA will now be looking for malware or simple droppers that could be used to launch a more lucrative ransomware attack on NHS Dumfries and Galloway.

“It’s early days yet regarding the cyberattack on NHS Dumfries and Galloway so lots of things will still need to be investigated however, early accounts suggest this was a data exfiltration of Protected Health Information (PHI), and other data over the course of a persistent attack over months.

“While this is highly unfortunate, it’s a cyber attack that’s unlikely to be a direct risk to life unless this particular attack against confidentiality is accompanied by a systems availability attack or a data integrity attack.”

There have been a number of cyber attacks on the NHS in recent years. In June of last year, NHS details of more than one million patients were compromised in a ransomware attack on the University of Manchester.