Hackers seize NHS patient data and threaten to release huge volumes of personal information to the public

27 March 2024, 14:27

NHS Dumfries and Galloway has suffered a data breach
NHS Dumfries and Galloway has suffered a data breach. Picture: Alamy

By Kit Heren

A group of hackers have stolen a large quantity of NHS patient data and threatened to release it.

Listen to this article

Loading audio...

Extortion group INC Ransom said they stole three terabytes - 3,000 gigabytes - of personal patient information from NHS Dumfries and Galloway in Scotland.

The data is said to include hospital reports, email exchanges, document scans and other sensitive information.

The hackers posted a "proof pack" of data on its dark web blog, which is inaccessible to most people. Health bosses confirmed that what had been released was genuine.

The blog post read: “Three terabytes of data will be published soon."

Read more: Satisfaction with NHS slumps to record 40-year low amid GP crisis and growing hospital waiting lists

Read more: Junior doctors vote by 98 per cent to continue strike action for another six months over pay dispute

Public satisfaction with the NHS at lowest level on record

It comes after the NHS Dumfries and Galloway said on March 15 that it had been targeted in a "focused and ongoing" attack by hackers.

Health bosses said on March 19 that IT systems had been restored to normal - but warned that hackers could have stolen a “significant amount of data”

NHS Dumfries and Galloway chief executive Jeff Ace said: "We absolutely deplore the release of confidential patient data as part of this criminal act.

"This information has been released by hackers to evidence that this is in their possession.

NHS Dumfries and Galloway
NHS Dumfries and Galloway. Picture: Alamy

"We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish Government, and other agencies in response to this developing situation."

Mr Ace said: "NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population."

A spokeswoman for Police Scotland said: "Police Scotland inquiries are continuing into a cyber attack on NHS Dumfries & Galloway."

A spokesman for the National Cyber Security Centre said: "We are working with law enforcement, NHS Scotland and the Scottish Government to fully understand the impact of an incident."

Patient services are continuing as normal.