National Records of Scotland data stolen in NHS Dumfries and Galloway hack

National Records of Scotland said a cyber attack on NHS Dumfries and Galloway enabled cyber criminals to access and steal the data it held on the hospitals’ IT network for administrative purposes.

 

National Records of Scotland collects, preserves and produces information about Scotland’s people and history and makes it available to inform current and future generations. Established in 2011, NRS is a non-ministerial department of the Scottish Government.

 

In March, NHS Dumfries and Galloway said it experienced a cyber security incident that affected daily operations and gave hackers access to “a significant quantity of data”. The NHS trust added that the sensitive personal data of its staff and patients were also accessed during the incident.

 

In a press release, National Records of Scotland (NRS) said it stored certain data in the affected network as the government body “runs an administrative service for the NHS to allow the transfer of patient records when people move between health board areas, across borders within the UK or move overseas.”

 

“NRS has been assessing the stolen information through a prioritised risk assessment process and has identified a small number of cases where there was sensitive information held temporarily on the network at the time of the attack,” the department said.

 

NRS has identified a “small number of cases” where the sensitive personal data was compromised during the incident and is in the process of notifying the affected individuals. It has also informed the Information Commissioner’s Office regarding the data breach.

 

“Some information which comes from the statutory births, deaths and marriages registers was also accessed. This information is used to correctly identify patients and maintain the accuracy of the service,” NRS added.

 

In a statement shared with the media, NRS Chief Executive Janet Egdell said, “We are aware that this will be distressing news for those individuals most directly affected. This is a live criminal investigation, and we are working closely with NHS Dumfries and Galloway, Police Scotland, Scottish Government and other agencies involved in the inquiry.

 

“NRS takes cyber security and privacy seriously. This includes ensuring the continued safe provision of the service we provide,” Egdell added. The agency is yet to disclose how many individuals were affected by the security incident.