Potential risk of patients being blackmailed over NHS Dumfries and Galloway leak, according to expert
Cyber security experts at Checkpoint say a similar incident has occurred in the US.
Last updated 9th May 2024
A cyber security expert, and former CIO in NHS Scotland, has claimed there's the potential for individual patients to be blackmailed over the recent NHS Dumfries and Galloway breach.
Bosses at NHS Dumfries and Galloway say a large amount of data taken after a cyber attack has been published on the dark web.
Data relating to a small number of patients was released in March, and the cyber criminals had threatened that more would follow.
Deryck Mitchelson is from checkpoint, he said: "What I said when I was in the NHS was that having a plan in place doesn't mean you don't have any weaknesses or vulnerabilities. I was never able to say that the NHS was 100 per cent safe. It's a huge enterprise and there will always be weaknesses.
"Just recently I've seen press reports in the US of individuals that have been phoned up on the back of ransomware attacks. The individuals themselves have been blackmailed to pay to stop their individual records being released. That's where I've still got concerns.
"The critical thing is for the health service to assume they are going to be breached and to have make sure they have rehearsed plans where they are able to understand 'is it back-ups they bring back, is it systems that they get back?'.
"That's the critical thing because it could have an impact on patient safety and it could have an impact on lives."
NHS Dumfries and Galloway Chief Executive Julie White said:
“This is an utterly abhorrent criminal act by cyber criminals who had threatened to release more data.
“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate.
“Work is beginning to take place with partner agencies to assess the data which has been published. This very much remains a live criminal matter, and we are continuing to work with national agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.”
Mrs White added:
“NHS Dumfries and Galloway is conscious that this may cause increased anxiety and concern for patients and staff, with a telephone helpline sharing the information hosted at our website available from tomorrow.
“Data accessed by the cyber criminals has now been published onto the dark web – which is not readily accessible to most people.
“Recognising that this is a live criminal matter, we continue to follow the very clear guidance being provided to us by national law enforcement agencies."