Hackers threaten to publish thousands of NHS patient records
CRIMINALS behind a cyber attack on a Scottish health board have threatened to publish thousands of patient records unless its demands are met.
The gang has already leaked a ‘small amount’ of patient details on its dark web blog after stealing a ‘substantial’ amount of data from NHS Dumfries and Galloway last month.
It issued a ‘proof pack’ to show it has the information, which has been confirmed by the board to be genuine.
Police Scotland last night confirmed its investigation into the cyber attack is continuing.
The group responsible is believed to be Inc. Ransom, a ransomware outfit thought to have targeted 65 organisations in the last year.
It claims that ‘three terabytes of data’ from NHS Scotland will be ‘published soon’.
The post gives no details of their ransom or how long the board has to meet any demands.
But cyber experts fear an ‘enormous’ cache of data such as this could see as many as 3,000 stolen records illegally sold for the purposes of helping criminals commit identify fraud.
The health board confirmed yesterday that it was aware that ‘clinical data relating to a small number of patients has been published’ by a ‘recognised ransomware group’.
Chief executive Jeff Ace said: ‘We absolutely deplore the release of confidential patient data as part of this criminal act.’
The board plans to contact patients whose data has been leaked, and efforts are continuing to ‘limit any sharing of this information’. Mr Ace added: ‘NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population.’
Cyber security expert David Arnold, director at Dumfries-based David Allen IT Solutions, said three terabytes was an ‘enormous’ amount of data.
He said: ‘If it’s just patient data and they’ve got three terabytes, that’s tons. If you think of three terabytes as three thousand gigabytes... that’s three thousand records. They’ve got the information and someone will be willing to pay for it. All they want is the money now, they’re not fussed about the people involved.’
Inc. Ransom is an extortion operation that first emerged in July 2023. It encrypts and steals data before threatening to publish it online unless the victim pays up.
According to cyber security website SentinelOne, the gang claims it is doing its victims a favour by highlighting flaws with their online security.
The Scottish Government said it was aware of the situation. But a spokesman added: ‘This incident remains contained to NHS Dumfries and Galloway and there have been no further incidents across NHS Scotland.’
The National Cyber Security Centre said it was working with the police, NHS Scotland and the Scottish Government to ‘fully understand the impact’.