NHS board apologises for 'anxiety' following major cyber attack

The 'focused and persistent' attack on NHS Dumfries and Galloway began at the end of February.

NHS Dumfries and Galloway apologises for ‘anxiety’ following major cyber attack iStock

A health board has apologised for the “anxiety” caused by a “significant” cyber attack on its systems earlier this year.

NHS Dumfries and Galloway said that it was subject to a “focused and persistent” attack which began at the end of February.

It said that a “very large amount of patient and staff-identifiable data” was accessed during the attack and the “scale and breadth of information which the cyber criminals were able to access makes it difficult to define the data which they may have been able to download, or to address this on an individual patient and staff member basis”.

The health board said that there was minimal disruption, with no operations or appointments identified as  having had to be cancelled or postponed as a direct consequence of the attack.

Instead, it added, the immediate impact was primarily on staff working arrangements and as the response required some changes and led to limitations on how they accessed IT systems. 

NHS Dumfries and Galloway has been approached by a “relatively small number” of members of the public, mainly focused on questions and concerns about emails or approaches they have received, but none has so far proved to be related to the attack.

People are encouraged to remain on their guard for anyone trying to access their data, or for approaches by anyone claiming to possess NHS data relating to them or anyone else. 

All such incidents should be reported to Police Scotland by calling 101.

The cyber criminals have so far published a “proof pack” demonstrating that they possess stolen data relating to six individual patients who have all been contacted by NHS Dumfries and Galloway.

The health board’s IT teams have been working with advice provided by experts such as the National Cyber Security Centre and actions have been taken to address any further risk of incursion.

Practical testing will shortly take place before consideration of any moves to lift remaining limitations on staff accessibility to IT systems. 

NHS Dumfries and Galloway said: “We are aware of expectations around transparency in relation to the cyber attack, but would highlight once again that this remains a live and very serious criminal matter, and a situation where ensuring the security of systems is paramount.

“NHS Dumfries and Galloway has been the victim of a very significant and determined cyber attack which has potential implications for the people who work for the board and those who are served by it.

!We are extremely sorry for the anxiety which has been caused, and have sought to be as open as possible while adhering to the very explicit guidance we have received from Police Scotland and partner agencies, and being very mindful of security considerations.”

STV News is now on WhatsApp

Get all the latest news from around the country

Follow STV News
Follow STV News on WhatsApp

Scan the QR code on your mobile device for all the latest news from around the country

WhatsApp channel QR Code