Scottish NHS Data Breach Dumped on Dark Web

Dumfries and Galloway patient data released on dark web.

Attackers who hit NHS Dumfries and Galloway have published a large volume of data.

After the cyber attack in March, data relating to a small number of patients was released, and the attackers had threatened that more would follow. In a statement issued yesterday, NHS Dumfries and Galloway confirmed that data accessed by the cyber criminals has now been published onto the dark web.

Attackers were able to access “a significant amount of data including patient and staff-identifiable information” in the attack, and chief executive Julie White called the release of data “an utterly abhorrent criminal act.”

“We should not be surprised at this outcome, as this is in line with the way these criminal groups operate,” White said.

“Work is beginning to take place with partner agencies to assess the data which has been published. This very much remains a live criminal matter, and we are continuing to work with national agencies including Police Scotland, the National Cyber Security Centre and the Scottish Government.”

Data Breach Data Security Published: 7 May