Hackers put patient details on dark web
CriMiNALs behind a cyber attack on a health board have leaked personal data relating to potentially ‘hundreds of thousands’ of staff and patients on the dark web.
it comes six weeks after the gang threatened to make the information available unless NHs Dumfries and Galloway met its demands.
it is understood the leak includes ‘high risk’ data, such as details about hospital admissions and lab results. The ransomware group previously published details of several patients on its dark web portal to show it had the information.
Health bosses have confirmed the hackers have now leaked a ‘large volume of data’ after stealing a ‘significant amount of patient and staff-identifiable’ information during February’s attack.
NHs Dumfries and Galloway chief executive Julie White said: ‘Data accessed by the cyber criminals has now been published onto the dark web – which is not readily accessible to most people.
‘Work is beginning to take place with partner agencies to assess the data which has been published. This very much remains a live criminal matter, and we are continuing to work with national agencies including Police scotland, the National Cyber security Centre and the scottish Government.’
The group responsible is believed to be inc ransom, which is thought to have targeted 65 organisations in the past year. it claimed it stole three terabytes of data from the health board.
Cyber security expert David Arnold, director of Dumfries-based David Allen iT solutions, said three terabytes was an ‘unfathomable amount of data’, adding: ‘We could be talking hundreds of thousands of patient and staff records. it’s a huge quantity.’
The scottish Government said it was aware of a ‘further publication of data on the internet, linked to the recent cyber attack on NHs Dumfries and Galloway’ and is working to assess the ‘possible implications for individuals concerned’.