NHS Dumfries and Galloway notifies residents of a serious data breach

NHS Dumfries and Galloway has started contacting every household in Dumfries and Galloway about the data security incident that compromised the sensitive personal and health information of residents.

 

In March, NHS D&G said it experienced a cyber security incident that affected daily operations and gave hackers access to “a significant quantity of data”.

 

The NHS trust said it believed the sensitive personal data of its staff and patients were accessed during the incident and was working with partner agencies, including Police Scotland, the National Cyber Security Centre and the Scottish Government, to resolve the situation.

 

The INC Ransom group claimed responsibility for the cyber attack on NHS D&G and listed the trust as a victim on its data leak site. The group claimed to be in possession of 3 terabytes of data stolen from the trust and shared several samples of the stolen data to prove its authenticity.

 

The group further leaked a separate set of data stolen from the trust, containing some children’s mental health data.

 

In an update, NHS D&G said that the trust has started contacting the residents of the region whose data was compromised during the incident. The letters will reach households across the region between 18th and 22nd June.

 

A letter from Julie White, the NHS Trust’s chief executive, is also attached with a note that provides advice and best practices residents can follow to keep themselves safe from cybercrimes.

 

“We are advising people in Dumfries and Galloway that the best approach to take is to assume that some data relating to you is likely to have been copied and published.

 

“This is an extremely serious situation, and everyone is asked to be on their guard for any attempts to access their computer systems, or any approaches by anyone claiming to hold their data or someone else’s data,” she added.