A cybercrime group has claimed it will release a large volume of NHS Scotland data stolen during a sustained hacking attack.
INC Ransom, an extortion operation, has posted a message on its dark web blog, threatening to release three terabytes – which equates to 3,000 gigabytes – of stolen health service patient and staff data.
NHS Dumfries and Galloway confirmed that clinical data relating to a small number of patients had been published as evidence that the gang has the leak.
The “proof pack” of the leak allegedly includes hospital reports, email conversations, clinical reports, document scans, and other sensitive information.
The blog read: “Three terabytes of data will be published soon.”
A Police Scotland spokesperson confirmed that enquiries into the incident remain ongoing.
The UK’s data watchdog, the Information Commissioner’s Office, said it was aware of the situation and was investigating.
A spokesperson for the National Cyber Security Centre said: “We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of an incident.”
The Scottish Government has been contacted for comment.
‘Focused and ongoing’ cyber attack
The incident comes after NHS Dumfries and Galloway confirmed it had been the target of a “focused and ongoing” cyber attack on March 15.
In a statement the health board confirmed on March 19 that systems were running again as normal – but warned that there is a risk that the hackers have acquired a “significant amount of data”.
On Wednesday, NHS Dumfries and Galloway said it was working with Police Scotland, the National Cyber Security Centre and the Scottish Government to resolve the matter.
Dumfries chief executive Jeff Ace said: “We absolutely deplore the release of confidential patient data as part of this criminal act.
“This information has been released by hackers to evidence that this is in their possession.
“We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government and other agencies in response to this developing situation.
“Patient-facing services continue to function effectively as normal.
“As part of this response, we will be making contact with any patients whose data has been leaked at this point.
“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.”
Previously, Mr Ace described the incident as an “extremely serious matter demanding a major response”.
He said there was reason to believe that those responsible had acquired patient and staff-specific data.
Follow STV News on WhatsApp
Scan the QR code on your mobile device for all the latest news from around the country
